Web Hacking

Introduction

In this workshop attendees will learn how the main attacks on web applications happen and how to prevent them. All topics are very practical and performed by me, an instructor very well rated on the courses that I teach.

This workshop is focused on web developers who want to know how attacks work and how to code defensively to protect against them. But more than teaching attacks, this workshop aims to pass the security mindset on to developers. Security professionals and quality assurance (QA) professionals are able to follow the workshop as well and are very welcome.

Today's development courses lack important security concepts that only stick in developers' minds when a real attack takes place. In this workshop they'll learn how to hack themselves first and expand their security knowledge.

The big differentiator here is not only the content itself, but how it will be delivered and by whom. It's easy, in my view, to teach someone about Cross-Site Request Forgery (CSRF) for example, but it's much harder to explore it and mitigate it in a real-world scenario.

Take my Cross-Site Request Forgery (CSRF) post for example to see how far an attack can extend. This kind of didactic and in-depth analysis is what you should expect from this workshop.

That said, I'd like to share with you all topics that will be covered:

Day 1

| Topic | Start Time |
| --- | --- |
| Introduction - 30 min | 09:00 |
| Web Application Reconnaissance - 1 hour | 09:30 |
| Break - 30 min | 10:30 |
| Cross-Site Scripting (XSS) - 1.5 hours | 11:00 |
| Lunch - 1 hour | 12:30 |
| Cross-Site Request Forgery (CSRF) - 1.5 hours | 13:30 |
| Break - 30 min | 15:00 |
| Server Side Request Forgery (SSRF) - 30 min | 15:30 |
| Man-In-The-Middle, HTTPS - 1 hour | 16:00 |
| Close | 17:00 |

Day 2

| Topic | Start Time |
| --- | --- |
| SQL Injection - 1.5 hours | 09:00 |
| Break - 30 min | 10:30 |
| Password Cracking - 1 hour | 11:00 |
| Brute Forcing Attacks - 30 min | 12:00 |
| Lunch - 1 hour | 12:30 |
| Security Headers - 1 hour | 13:30 |
| Session Hijacking - 30 min | 14:30 |
| Break - 30 min | 15:00 |
| Defeating Captchas - 30 min | 15:30 |
| Account Enumeration - 30 min | 16:00 |
| Review and Considerations - 30 min | 16:30 |
| Close | 17:00 |

More Details

Attendees will take away knowledge on several web application security attacks, defenses and concepts from this workshop that could be applied from day 1 in their projects or companies.

It's also worth mentioning that each classroom may need a different focus and may have a different pace, thus every workshop ends up being tailored to the audience.

I'm also very worried about the knowledge absorption rate. Because of that, all modules that have a practical demonstration are structured in this way:

  1. An overview
  2. A Practical Exercise
  3. Discussion and Review

Material

At the end of this workshop, all attendees will get all the slides and exercises used.

Price and Audience

Price may vary depending on many factors such as location, hosting fees, etc., so I ask you to get in touch first. All I can tell you in advance is that the price is per day, not per head. The idea here is that I want to allow as many people as possible to take the workshop, as long as it covers my fees.

It's also worth noting that small groups result in higher attention for each individual. Groups of up to 8 are the best, although the headcount can go up to 20. More than that will be more of a talk than a class, so it's good to have this constraint in order to keep the knowledge absorption rate high.

And that's it.

I hope to receive your email asking for more information :)