CHCon Training - Advanced Web Hacking and Secure Coding
Event Information
Description
Trainer: Vikram Salunke
Abstract: Tired of alert('xss')? If you want to learn advanced web hacking techniques, this training is for you. The training starts with basic web app hacking and then moves on to more advanced material such as bypassing XSS filters, HTML5 attacks and recent vulnerabilities such as Shellshock, Heartbleed, POODLE etc. This is hands-on training on web hacking and secure coding. It covers both offensive and defensive approaches to web applications, including how to write secure code in multiple languages such as PHP, Java, C# etc. The lab contains multiple CMSs such as WordPress, Drupal and Joomla, and multiple databases such as MySQL, SQL Server, MongoDB etc. You will learn how to exploit and attack machines in the internal network using public-facing servers. The training includes the secure coding practices recommended by OWASP. It contains over 50 labs and 30+ challenges, which are inspired by real-world vulnerabilities and case studies.
Topics:
- User Enumeration
- Authentication and Password management
- Information Leakage
- HTTP Verb Tampering
- HTML Injection
- Cross Site Scripting (XSS)
- iFrame Injection
- LDAP Injection
- CSS Injection
- AJAX Security - JSON Injection
- CSRF
- Clickjacking
- Insecure direct object reference
- Open Redirects
- Broken Access Control
- SSRF
- SSI Injection
- JavaScript Validation Bypass
- SQL Injection
- JSON Hijacking
- Session Management
- Cookie Stealing
- Man-in-the-Middle
- HTML5
- XML, XPATH and XQUERY language injection
- JSON Web Token
- Insecure System Configuration
- RCE
- Path traversal
- LFI
- RFI
- HTTP Response Splitting
- Shellshock vulnerability
- Heartbleed vulnerability
- OWASP Top 10 Attacks
- OWASP Secure Coding Practices
- Logical Flaws
- and more...
Level: Intermediate.