Advanced Web Hacking (AWH) – Profile

Detailed Course Outline

Module 1: Hacking and Securing web and application servers

  • Attacking Authentication
  • Advanced Username Enumeration
  • Brute Force Issues
  • Exploiting SSO
  • Session Management Issues
  • Business Logic Bypass
  • Authorization Issues

Module 2: Parameter Manipulation Attacks

  • Cookie Analysis
  • SSL Misconfiguration and Man in the Middle Attacks
  • XSS: The Concept
  • Same Origin Policy
  • Identifying XSS
  • Exploiting XSS
  • Pitfalls in Defending XSS

Module 3: Identifying Cross Site Request Forgery (CSRF)

  • Exploiting CSRF
  • Fixing CSRF
  • Carriage Return & Line Feed (CRLF) injection
  • Hacking APIs
  • SQL Injection
  • LDAP, XPATH, XXE Injections
  • Insecure HTTP Methods
  • Malicious File Uploads