Web Hacking
Introduction
In this workshop, attendees will learn how the main attacks on web applications happen and how to prevent them. All topics are very practical and performed by me, an instructor very well rated in the courses that I teach.
This workshop is focused on web developers who want to know how attacks work and how to code defensively to protect against them. But more than teaching attacks, this workshop aims to pass the security mindset on to developers. Security professionals and quality assurance (QA) professionals are able to follow the workshop as well and are very welcome.
Today's development courses lack important security concepts that only stick in developers' minds when a real attack takes place. In this workshop they'll learn how to hack themselves first and expand their security knowledge.
The big differentiator here is not only the content itself, but how it will be delivered and by whom. It's easy, in my view, to teach someone about Cross-Site Request Forgery (CSRF), for example, but it's much harder to explore it and mitigate it in a real-world scenario.
Take my Cross-Site Request Forgery (CSRF) post, for example, to see how far an attack can extend. This kind of didactic and in-depth analysis is what you should expect from this workshop.
That said, I'd like to share with you all topics that will be covered:
Day 1
Topic | Start Time |
---|---|
Introduction - 30 min | 09:00 |
Web Application Reconnaissance - 1 hour | 09:30 |
Break - 30 min | 10:30 |
Cross-Site Scripting (XSS) - 1.5 hours | 11:00 |
Lunch - 1 hour | 12:30 |
Cross-Site Request Forgery (CSRF) - 1.5 hours | 13:30 |
Break - 30 min | 15:00 |
Server Side Request Forgery (SSRF) - 30 min | 15:30 |
Man-In-The-Middle, HTTPS - 1 hour | 16:00 |
Close | 17:00 |
Day 2
Topic | Start Time |
---|---|
SQL Injection - 1.5 hours | 09:00 |
Break - 30 min | 10:30 |
Password Cracking - 1 hour | 11:00 |
Brute Forcing Attacks - 30 minutes | 12:00 |
Lunch - 1 hour | 12:30 |
Security Headers - 1 hour | 13:30 |
Session Hijacking - 30 min | 14:30 |
Break - 30 min | 15:00 |
Defeating Captchas - 30 min | 15:30 |
Account Enumeration - 30 min | 16:00 |
Review and Considerations - 30 min | 16:30 |
Close | 17:00 |
More Details
Attendees will take away knowledge on several web application security attacks, defenses and concepts from this workshop that could be applied from day 1 in their projects or companies.
It's also worth mentioning that each classroom may need a different focus and may have a different pace, thus every workshop ends up being tailored to the audience.
I'm also very worried about the knowledge absorption rate. Because of that, all modules that have a practical demonstration are structured in this way:
- An overview
- A Practical Exercise
- Discussion and Review
Material
At the end of this workshop, all attendees will get all the slides and exercises used.
Price and Audience
Price may vary depending on many factors such as location, hosting fees, etc., thus I shall ask you to get in touch first. All I can tell you in advance is that the price is per day, not per head. The idea here is that I want to allow as many people as possible to take the workshop, as long as it covers my fees.
It's also worth noting that small groups result in higher attention for each individual. Groups up to 8 are the best, although the headcount can go up to 20. More than that will be more of a talk than a class, so it's good to have this constraint in order to keep the knowledge absorption rate high.
And that's it.
I hope to receive your email asking for more information :)