7 Hands-On Exercises
Is your web application secure?
The vast majority of cyber attacks are relatively easy to defend against – yet most web applications remain vulnerable.
In fact many developers aren’t even aware of how simple these attacks are to execute.
Spoiler alert: It's really, really easy.
Learn to Hack. Protect your App.
Art Kay, CEO of Secure Web Solutions LLC, has more than 20 years of experience as a web application developer and nearly 10 years of experience as a penetration tester.
Gain a deep understanding of common attacks -- then use that knowledge to protect your own web applications.
Why this course?
Some courses teach you offensive-security tactics, but most don't focus on web applications and over-rely on automated tools.
Other courses highlight defensive-security content like the OWASP Top Ten, but these often fail to explain common attacks and vulnerabilities frequently found during penetration tests.
This course blends offensive- and defensive-security strategies, providing real-world advice and hands-on experience.
What will you learn?
We’ll cover hacking theory from start to finish, including approaches for building threat models and exploiting vulnerabilities: everything from XSS to SQL injections to brute-force attacks and more!
Be prepared to learn, laugh, and cry as we explore security flaws common to both legacy and modern web applications. By learning how to hack, you'll also be learning what countermeasures are necessary to protect your own applications!
You'll walk away from this workshop with:
- a deep understanding of application architectures and threat models,
- a detailed understanding of OWASP best practices, and
- specific countermeasures to keep your web applications secure
Let's build a safer, more secure web together!
NOTE: A VIP subscription to HackTheBox is required to follow along with some examples. (Not included, roughly $14/month USD. Watch "Pre-Requisites" below!)
Learn Hacking Theory
You'll learn a variety of concepts and tools enabling us to hack our way into vulnerable web applications, including: nmap, nikto, Burp Suite, and gobuster!
Develop hands-on experience with industry tools and gain a deep understanding of OWASP best practices.
Modern Web Technology
Build threat models against web applications running React and Angular, then exploit their vulnerabilities. Learn countermeasures to protect your apps!
Is this course for me?
This course was created to give software developers the actionable advice necessary to build secure web applications.
No specific experience as a developer is necessary, though a general familiarity with web technology (HTML, JS, cloud, etc.) and related tools will come in handy and make this session more meaningful.
Penetration testers looking to strengthen their skills in assessing and attacking web applications will also find value in this course.
Don't know what the "command line" is? You may want to take a primer on that first.