Practical Web Hacking

Welcome to this course on Practical Web Hacking. This course follows on from the Practical Bug Bounty course and will take you deeper into the world of finding and exploiting vulnerabilities in web applications. It’s recommended that you have completed the Practical Bug Bounty course or at least one year’s worth of experience in hacking web applications before you take this course. In this course, you will develop a deeper understanding of how web attacks work, learn to craft custom payloads, and build a methodology for finding and exploiting more complex vulnerabilities. 

• How web applications work
• Authentication attacks
• Broken access control
• Server-side request forgery
• Advanced SQL injection attacks and NoSQL injection
• File inclusion
• XML External Entity Injection
• XSS and filter bypasses
• Attacking JSON Web Tokens
• Mass assignment
• Open redirects
• Race conditions
• Capstone challenge

By the end of the course you will have a good understanding of how these attacks work, be able to find them in situations that are not immediately obvious or overlooked by automated scans and fuzzing. You will also be able to modify and craft custom payloads to bypass filters or achieve exploitation in unusual circumstances.

• A computer able to run a Linux virtual machine
• Completion of the Practical Bug Bounty course OR 1 years web hacking experience
•  A positive attitude

Practical Web Hacking is aimed at those who want to understand, find and exploit vulnerabilities within web applications for penetration testing and bug bounty hunting. This is an intermediate course so an understanding of web applications and basic attacks is required. If you’re new to web application security testing then we recommend you take the Practical Bug Bounty course first. This course is also ideal for experienced network penetration testers who want to improve their web application testing skills. 

• Introduction
  • Welcome To The Course
  • Lab Setup
  • Course Support
  • Web Application Components
  • HTTP
• Authentication
  • Introduction to Authentication
  • Brute-Force Attacks
  • Challenge Walkthrough
  • Response Timings
  • Challenge Walkthrough
  • Session Tokens and Sequencer
  • Multi-Factor Authentication
  • Challenge Walkthrough
• Access Control
  • Introduction to Access Control
  • IDOR (Insecure Direct Object Reference)
  • Challenge Walkthrough
  • Attacking Weak Access Controls
  • Challenge Walkthrough
• SSRF (Server-Side Request Forgery)
  • Introduction to SSRF
  • Challenge Walkthrough (feat. Turbo Intruder)
  • Blind SSRF
  • Challenge Walkthrough
• SQL Injection
  • Introduction to SQL Injection
  • Blind SQL Injection
  • Challenge Waklthrough
  • NoSQL Injection
• File Inclusion
  • Introduction to File Inclusion
  • File Inclusion Payloads
  • Challenge Walkthrough
  • Bypassing Filters
  • File Inclusion to RCE
  • Challenge Walkthrough
  • File Inclusion Prevention
• XXE (XML External Entity Injection)
  • Introduction to XXE
  • Common XXE Attacks
  • Challenge Walkthrough
  • XXE via XInclude
  • Challenge Walkthrough
• XSS / JavaScript Injection
  • Introduction to XSS
  • DOM Invader
  • Challenge Walkthrough
  • Going Beyond alert(1)
  • Filter and WAF Evasion Techniques
• JWTs (JSON Web Tokens)
  • Introduction to JWTs
  • JWT Signature Attacks
  • Challenge Walkthrough
  • JWT_Tool
  • Header Injection
• Mass Assignment
  • Mass Assignment
• WebSockets
  • Introduction to WebSockets
  • WebSocket Hijacking
• Open Redirects
  • Open Redirects
• Race Conditions
  • Introduction to Race Conditions
  • Single Endpoint Race Conditions
  • Multi-Endpoint Race Conditions
  • Challenge Walkthrough
• Capstone Challenge
  • Launching the Capstone
  • Capstone Walkthrough
  • Thank you & see you next time!
  • Next Steps: The Practical Web Pentest Professional (PWPP) Certification