Skip Ribbon Commands
Skip to main content

WAH_TS - Web Application Hacking


Duration: 3 Days




Delivery Method:

Software Assurance Value:

Microsoft CPE:

Course Information

Course Description

​Did you know that hackers and cybercriminals out there can compromise your web applications and servers with nothing more than a web browser and a few publically available tools?

You will learn how to identify the vulnerabilities that affect the majority of the web apps today, how to exploit them in order to compromise the web server, and how to expand your influence by compromising the infrastructure behind it and take control of the entire organization.

The training focuses on exercises and challenges based on real-world scenarios. You will start from simple tasks to understand the concepts, and continue with more complex challenges. At the end of the course, you will be able to perform the same attacks that are used to compromise major websites today.

Course Objectives

Course Audience

​Anyone interested in understanding and exploiting web application security flaws. Although the focus is on attacking web applications, this course is particularly valuable for (web) developers: being on the attacker's side will teach you how different coding choices reflect on the attack surface.

Course Outline

  •  Introduction
  • Technologies and tools
  • Procedures and methodologies: build the mindset
  • Real world hacking demos
  • Information gathering: observe the target and make a plan
  • SQL injection detection and exploitation
  • Other types of injections
  • Exploit Cross Site Scripting
  • Break access controls
  • Have the victim do it for you: Cross Site Request Forgery
  • Bypass client-side controls
  • Attack authentication and session management
  • Exploit back-end components
  • Attack application logic
  • Target the server
  • Put everything together, short review and summary

Course Prerequisites

​Web technologies, basic HTML, basic networking

Course Schedule
This course is not scheduled yet.