Full-Stack Attacks on Modern Web Applications

Learn About HTTP Parameter Pollution, Subdomain Takeover, and Advanced Clickjacking


Description

Web application security is not only about XSS and SQL injection. Professional penetration testers and red team members must learn about full-stack attacks on modern web applications, and I created this course to help you on this journey.

In this course, you will learn about 3 powerful attacks. First, I'll show you how an attacker can bypass authorization via HTTP parameter pollution. Next, I'll present how the attacker can launch a subdomain takeover attack. Finally, I'll demonstrate how the attacker can take over a user’s account via clickjacking.

** For every single attack presented in this course there is a demo ** so that you can learn step by step how these attacks work in practice. You'll also learn how to check if your web applications are vulnerable to these attacks. I hope this sounds good to you and I can’t wait to see you in the class.

  • Case #1: HTTP Parameter Pollution – Part 1

  • Case #1: HTTP Parameter Pollution – Part 2

  • Case #2: Subdomain Takeover – Part 1

  • Case #2: Subdomain Takeover – Part 2

  • Case #3: Account Takeover via Clickjacking – Part 1

  • Case #3: Account Takeover via Clickjacking – Part 2

Note: you can get paid for these bugs in bug bounty programs.

What You Will Learn!

  • Dive into full-stack attacks on modern web applications
  • Learn how an attacker can bypass authorization via HTTP parameter pollution
  • Explore how the attacker can launch a subdomain takeover attack
  • Discover how the attacker can take over a user’s account via clickjacking
  • Learn step by step how all these attacks work in practice (DEMOS)
  • Check if your web applications are vulnerable to these attacks
  • Become a successful penetration tester / red team member / ethical hacker
  • Learn from one of the top hackers at HackerOne

Who Should Attend!

  • Penetration testers, red team members, ethical hackers, bug hunters, security engineers / consultants