$1999.99
Buy Now
Or preview some of the content.
1667 Minutes of Personalized Content
135 Lectures
Assignments
29 Attachments
Certificate of Completion
Lifetime Access to Course & Updates
Satisfaction Guarantee

Training 5+ people?
Contact us for offers and discounts.

Advanced Web Hacking

From OWASP Top 10 to Dynamic SMT Solvers



5.0
( 6 ratings) 33 students enrolled
Created by ZDResearch Training Last updated 9/2018

Description

This course is tailored for all security researchers, penetration testers and web designers who like to receive in-depth knowledge of web application security from a hacker's perspective.

This is the flagship web application security course provided by ZDResearch Training. In this course you will go through a multitude of web application security topics, all accompanied by demos and hands-on labs. Topics will cover traditional OWASP Top 10 issues as well as several other cutting-edge topics, such as HTML5 attacks, Source Code Auditing and Analysis, CAPTCHA bypass and many more.

Advanced Web Hacking course is the product of 10+ years of web application vulnerability research performed by ZDResearch hunters. Not only it will go through some of the typical methods and techniques used to attack and exploit (as well as defend) web applications, it will teach you the delicate tricks of the trade in the process. For example, you will learn how to fully exploit a system that only allows SQL injection into the LIMIT BY clause, or how to bypass taint based web application firewalls.

Pre-Requirements

This course requires basic programming skills, familiarity with HTTP, HTML, CSS, Javascript, at least one server side scripting language besides Javascript (e.g., PHP), as well as a high-speed Internet.

Goals

The graduates of this course will be able to pwn 70%+ of the web applications on the Internet, and should be fully qualified to find bug bounties in popular web applications such as Facebook and Gmail. They would also be able to perform advanced web application security analysis, testing and auditing.

Certification

Upon successful completion of this course, you will receive a completion certificate from Exdemy. You will also be eligible to take ZDResearch Advanced Web Hacker exam, which is based on this course, and receive the ZDResearch Advanced Web Hacker (ZAWH) certificate.

Topics

  • SQL Injection
  • Advanced SQL Injection
  • Command Injection
  • Code Injection
  • XML Injection
  • XSS
  • CSRF
  • HTML5 CORS
  • HTML5 Web Storage
  • HTML5 Cross-Window Messaging
  • HTML5 Access Control
  • Web Sockets
  • HTML Video/Audio
  • Session Management Attacks
  • Web Service Attacks
  • Authentication Attacks
  • Authorization Attacks
  • Single Sign-On Attacks
  • CAPTCHA Bypass
  • HTTP Tampering
  • WAF Bypass
  • COTS Vulnerabilities
  • Redirect Abuse
  • Denial of Service
  • Source Code Auditing
  • Taint Tracking
  • Taint Inference
  • Dynamic Code Analysis
  • Constraint Solving

Requirements

  • Basic Programming
  • HTTP
  • HTML
  • CSS
  • Javascript
  • PHP

Target Audience

  • Web Application Penetration Testers
  • Security Researchers
  • Code Auditors
  • Bug Bounty Hunters
  • Web App Auditors
Expand All 161 items27:46:44

Curriculum

1 Advanced SQL Injection
265 1. Lecture 1 Prologue
83 2. Lecture 2 Introduction
292 5. Lecture 5 Finding SQL Injection
293 7. Lecture 7 Patch SQL Injection
87 8. Lecture 8 DBMS Detection
294 10. Lecture 10 Authentication Bypass
89 11. Lecture 11 Union-Based Injections
295 12. Lecture 12 Dump Table
296 14. Lecture 14 Write Files
91 15. Lecture 15 Blind Injections
92 16. Lecture 16 Double-Blind Injections
297 17. Lecture 17 Blind Injection
93 18. Lecture 18 Error-Based Injections
94 19. Lecture 19 System Takeover
95 20. Lecture 20 Automated Tools
96 21. Lecture 21 Bypassing Blacklists
298 22. Lecture 22 Bypass Blacklists
98 24. Lecture 24 Second Order Injections
299 25. Lecture 25 Second Order SQL Injection
2 Other Injection Attacks
3 XSS Attacks
163 45. Lecture 1 Introduction
164 46. Lecture 2 Reflective XSS
165 47. Lecture 3 Reflective XSS Demo
303 48. Lecture 4 Reflective XSS
167 50. Lecture 6 Persistent XSS
168 51. Lecture 7 Persistent XSS Demo
170 53. Lecture 9 DOM XSS
171 54. Lecture 10 DOM XSS Demo
173 56. Lecture 12 Mutation XSS
174 57. Lecture 13 Mutation XSS Demo
304 59. Lecture 15 Session Hijacking with XSS
177 61. Lecture 17 Phishing With XSS
178 62. Lecture 18 XSS Keyloggers
179 63. Lecture 19 Clickjacking With XSS
182 66. Lecture 22 Remote Control With XSS
183 67. Lecture 23 Bypassing XSS Filtering
306 68. Lecture 24 XSS And Encodings
305 69. Lecture 25 Bypassing XSS Filters
184 70. Lecture 26 Preventing XSS
307 71. Lecture 27 Prevent XSS
4 CSRF Attacks
5 HTML5 Attacks
6 Session Management Attacks
7 Web Service Attacks
213 103. Lecture 1 Introduction
215 105. Lecture 3 Attacking REST
216 106. Lecture 4 REST API
217 107. Lecture 5 Input Validation In REST
218 108. Lecture 6 Access Control In REST
312 109. Lecture 7 Bypass Access Control
219 110. Lecture 8 JSON Web Token
220 111. Lecture 9 JSON Web Token Demo
313 112. Lecture 10 JSON Web Token
221 113. Lecture 11 Security Headers In REST
222 114. Lecture 12 Error Handling In REST
224 116. Lecture 14 Attacking SOAP
225 117. Lecture 15 Input Validation In SOAP
226 118. Lecture 16 WSDL Enumeration
227 119. Lecture 17 WSDL Enumeration Demo
314 120. Lecture 18 Wordpress Content Injection
228 121. Lecture 19 SAX Injection
229 122. Lecture 20 SAX Injection Demo
230 123. Lecture 21 SOAP SQL Injection Demo
232 125. Lecture 23 SSRF Real World Example

Reviews

OM
2018-08-16 21:44:43
Omid Mohammadi


Hi! Thanks for your Course. I just started it now, and watched first two videos.Every thing sounds nice.I'm installing docker to get ready for more serious parts :))
AR
2018-09-25 15:53:51
Asif Rahman


I was looking for a good web hacking course for a long time! I give this course 5 stars, because the speaker does not hold any knowledge back and gives many practical exercises.
Rd
2018-09-01 23:25:00
Ramon de Calle


Having enrolled in three other web hacking courses, I'd rank this one the best so far. The details of hands-on demos, as well as the instrucftor explanations after each demo coupled with online labs help get through any area that I'm a little rusty at. I have not yet finished this long course, but I've got my money's worth so far.
RS
2018-08-05 12:07:04
Rahul Singh


I have been waiting for this course since July 2016 after taking other ZD Research courses. It finally came out now! The course was well worth waiting for though, very detailed and informative I wish ZD Research made more courses such as this one.
SP
2019-08-24 11:12:55
SOHRAB PARAUDZINS


Thank's From ZDresearch for their support and this is a great and functional package. Sohrab ////keramat