HackerOne bug hunters have earned over $100 million in bug bounties thus far. HackerOne customers include the United States DoD, General Motors, Uber, Twitter, and Yahoo. This clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is solid technical training by one of the top all-time HackerOne bug hunters.
Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full stack exploitation master.
Students will be handed a VMware image with a specially prepared testing environment to play with the bugs. What’s more, this environment is self-contained, and when the training is over, students can take it home (after signing a non-disclosure agreement) to hack again at their own pace.
Learning Objectives
- REST API hacking
- AngularJS-based application hacking
- DOM-based exploitation
- Bypassing Content Security Policy
- Server-side request forgery
- Browser-dependent exploitation
- DB truncation attack
- NoSQL injection
- Type confusion vulnerability
- Exploiting race conditions
- Path-relative stylesheet import vulnerability
- Reflected file download vulnerability
- Subdomain takeover
- XML attacks
- Deserialization attacks
- HTTP parameter pollution
- Bypassing XSS protection
- Clickjacking attack
- window.opener tabnabbing attack
- RCE attacks
- and more...
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Vulnerability Assessment and Management
- Exploitation Analysis
- Training, Education, and Awareness
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.