Hack7: Web Application Hacking

Vulnerabilities in web applications are a popular target for hackers, as these often enable them to steal confidential data and penetrate further into the company network. During this two-day workshop, the participants will learn how hackers break into web applications and what risks applications may be exposed to. The training course presents the most common attacks in theory and practice. The objective is to enable the participants to personally carry out attacks on a web application, which was specially created for this purpose, at the end of the second training day.

Topics

Cross-site scripting (XSS)

  • Taking over user sessions
  • Privilege escalation
  • Pasword theft

Cross-site request forgery (XSRF)

SQL injection

OS command injection

Local/remote file inclusion (LFI/RFI)

  • Server attacks with your own program code

Session management

  • Getting to know the session management
  • Taking over of external sessions
  • Understanding of cookies and exploitation of flaws
  • Password-guessing attacks

Cookies

  • What should be observed during generation and use of (session) cookies?

Browser security

  • Same-Origin Policy
  • Cross-Origin Resource Sharing

CAPTCHA

  • Automated attacks and identification of weaknesses in protection measures

Exercises

  • Deepening the learning content by practical exercises of all topics
  • Independent analysis of a complete web application
  • Deserialization attacks

Technical requirements

Basic knowledge of HTML, HTTP and SQL

Duration

Two days

Dates

06.-07.02.2024 / 15.-16.10.2024 (online)

06.-07.05.2024 / 16.-17.07.2024 (Tübingen)

Price

€ 1596,00

DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de | OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number

DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de

OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number

GET IN TOUCH

+49 (0)7071 - 40 78 56-0 or anfrage@syss.de

OUTSIDE REGULAR OFFICE Hours

+49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number