
Hacking Extreme Web Applications

Web-based applications have become favorite targets, not only because more and more companies provide web services, online shops, banking applications, employee portals and other interactive applications with web front ends, but also because new methods for attacking and manipulating these systems are available.

Training Content

“Hacking Extreme Web Applications” is concerned with attacks on web applications and back-end systems.

The intensive course teaches you the methods used by attackers, including both well-known and lesser-known techniques for attacking web applications and the databases and back ends located behind them.

In several laboratory exercises, you will put into practice what you have learned. For this purpose, each participant will be provided with numerous tools and exploits, which go far beyond the usual scanners. Besides providing several aha moments, this enables participants to evaluate and assess security-relevant questions realistically.

The trainers carry out security audits on a regular basis, and they are known as experts in the application security field.

The training covers all OWASP Top Ten 2013 vulnerability types.

Main topics:

Information gathering

  • Traditional information gathering by banners, error pages, etc.
  • Webserver fingerprinting
  • Using crawlers
  • Identifying metadata information
  • Decompiling client components (Flash, Java applets, Silverlight)

Attacks on web and application servers

  • Software vulnerabilities in web and application servers (buffer overflows, etc.)
  • Exploiting misconfigurations (directory listings, etc.)
  • Application framework vulnerabilities

Attacks on the transmission

  • Eavesdropping on the communication, SSL-man-in-the-middle attacks
  • SSL vulnerabilities and misconfigurations
  • Vulnerabilities in application level encryption

Attacks on the application

  • Attacks on the authentication process
  • Attacks on stored passwords
  • Bypassing CAPTCHAs
  • Attacks on the session management
  • Cross-site scripting (persistent, non-persistent, DOM-based)
  • Cross-site request forgery (CSRF), vulnerabilities in anti-CSRF mechanisms
  • Server-side request forgery (SSRF)
  • Vulnerabilities in function level access control
  • Vulnerabilities in object level access control
  • File inclusion (local/remote)
  • Open redirects
  • Command injection
  • Attacks using serialized objects
  • File upload vulnerabilities
  • Application logic vulnerabilities
  • Vulnerabilities in client-side JavaScript logic
  • Attacks on AJAX services
  • HTML5-based attack vectors
  • Web spoofing
  • CORS (cross-origin resource sharing)
  • Attacks based on third-party resources integrated in the application
  • Logging of security-relevant events to track attacks
  • Attacks facilitated by an insecure architecture

Attacks on the back end

  • SQL injection / blind SQL injection
  • LDAP injection
  • Vulnerabilities in web services
  • XML injection / XML bombs
  • XPath injection
  • XSLT injection

Systems covered:
Unix-based or Windows-based web servers, databases, application servers, etc.

Target group:
Administrators and security managers who are not afraid to see security through the attacker’s eyes, diving deeply into his world. The training is also interesting for developers and administrators of web servers and e-business systems. 

This course must definitely be considered an “advanced” training. The number of participants is limited to make sure the instruction is individual and effective.

Prerequisite:
Basic knowledge of HTTP and HTML, and of web servers and databases. Some of the exercises require using command-line tools on Linux. The trainers will be happy to assist with them if help is needed.

Price:
€ 2,400 

This training will be held in German.

You will receive CPE Points for participating in the Hacking Extreme Web Applications training. The training takes 24 hours. You will get a certificate after having completed the training.

Dates: 
March 18-20, 2025 in Cologne
June 24-26, 2025 in Frankfurt
November 25-27, 2025 in Ludwigsburg

Place:
The training course will take place in fine, selected hotels:

We will gladly reserve a room for you at a special rate in the hotel where the training course takes place.

We can also gladly offer you the course as an in-house training.

Online registration

Your Trainers

Joshua Tiago

Managing Consultant

Benjamin Häublein

Senior Consultant

Simon Kömpf

Managing Consultant

Michael Brügge

Managing Consultant

Duration

3 days

Early booking discount

If you register 8 weeks prior to the start of the training, you will receive an early booking discount of 5 %.
