Cyber School - School for professionals in cyber space.

About us

Learn with us

Team

Our projects

Contact us

Web Application Security

Web application security - is an entirely practice-oriented course that is aimed at:
► Identifying,
► Potential project damage assessment,
► Fixing the vulnerabilities using different methods

We're not willing to make you a "one-button hacker", but do our best to provide you with the necessary skills and knowledge to conduct real research and penetration testing

Here is what you will learn during the course:
► Exploit bugs from OWASP-10;
► Reveal bugs using white and black boxes;
► Analyze the code security correctly and efficiently;
► Integrate practices of secure development.

Who would find the course useful:
► Web Developers. The course help to understand the evil core of the essence of bugs appearing in the code;
► future pentesters. The course would help to understand the main principles and skills of web application audits and get a real-life experience in it;
► DevOps engineers. The course would help them build secure infrastructure and automate the identification and prediction of the vulnerabilities;
► Empoyers. The course would help them to increase the safety of commercial data of the company

The courses will take place every Tuesday and Thursday at 7 PM, online

Date

18th of February

Duration

1 місяць

Available places

30 places

Price (without VAT)

6500 UAH

Course Schedule:

Module 1 Injection

Basic understanding of the attack vector
SQL injection / Blind SQL injection
SQLmap assistant review
OS command injection
HTML injection
Other injection types (NoSQL, LDAP injection, template injection)
Means of protection

Module 2 Broken Authentication.

Basic understanding of the attack vector
Search information about logins, lengths and consistency of passwords
Simple brute forcing of the logins and/or passwords
Attack on the one-time password
Means of protection against brute force
Means of the the anti-brute force protection bypassing
Session hijacking
2 Factor Authentificcation. Bypassing vectors
Offline password hacks. Rainbow tables. Creation of a homemade password hacking farm
Errors in password hacks realization

Module 3 Sensitive Data Exposure

General understanding of the vulnerability
Information reveal via error messages
Information reveal via comments, robots.txt, sitemap.xml
Information and source code reveal via system and publicly available backups
Elastic Search - what it is and why it's so many potential data breaches related to it
Information reveal via version control systems
Information reveal via API (front end frameworks)

Module 4 XML External Entities (XXE)

General understanding of the vulnerability
Content retrieving from random files
SSRF attack via XXE
XXE attack using the external malware DTD
XXE via file upload
Means of protection

Module 5 Broken Access Control

General Understanding of the vulnerability
Unprotected admin panel. Basics of the gobuster assistant
Indentifying the user's role via request parameters or cookies
User roles change via profile
Insecure direct object references (IDOR)
Referrer- dependent access rights
How to text your product on YOU using BurpSuite

Module 6 Security Misconfiguration

General understanding of the vulnearbility
Stadand logins and passwords
Directory listing available
Publicly available phpinfo
Configuration mod ON, too detailed error reports
What are the threats of revealing the software versions. Wappalyzer plugin
Means of protection

Module 7 Cross-Site Scripting XSS

General undesrtanding of the vulnerability
Reflected XSS
Strored XSS
DOM XSS
Blind XSS. XSS Hunter review
Examples of what can be done using the XSS exploits. Demostration of the BeEF Framework
Means of protection

Module 8 Insecure Deserialization

General understanding of the vulnerability
Serialised objects modifications
Types of data modifications
PHP objects injection
Real case with HackerOne vulnerability

Module 9 Using Components with Known Vulnerabilities.

General understanding of the vulnerability
How to research for versions (nmap and manual methods)
Why Word Press isn't a thing to be trusted
What is CVE and where to look for information
Means of protection

Module 10 Insufficient Logging & Monitoring

Problem statement or "Why the fact of attack can be unnoticed for years?"
"Protective" software classification
Web Application Firewall (WAF)
Means of penetration identification (OSSEC)
Means of protection from penetration (OpenVAS)
Security isn't a product, it's a process
How to store logs correctly in distributed systems (Kibana)
Commercial means of protection

Module 11 Instead of conclusion

Real web application development point of view. Why some of the vulnerabilities become a rare case

Register as a participant of the course by submitting the form