• Online, Instructor-Led
  • Classroom
Course Description

HackerOne bug hunters have earned over $100 million in bug bounties thus far. Some of HackerOne customers include the United States DoD, General Motors, Uber, Twitter, and Yahoo. It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is a solid technical training by one of the top all-time HackerOne bug hunters.

Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full stack exploitation master.
Students will be handed in a VMware image with a specially prepared testing environment to play with the bugs. What’s more, this environment is self-contained and when the training is over, students can take it home (after signing a non-disclosure agreement) to hack again at their own pace.

Learning Objectives

REST API hacking
AngularJS-based application hacking
DOM-based exploitation
Bypassing Content Security Policy
Server-side request forgery
Browser-dependent exploitation
DB truncation attack
NoSQL injection
Type confusion vulnerability
Exploiting race conditions
Path-relative stylesheet import vulnerability
Reflected file download vulnerability
Subdomain takeover
XML attacks
Deserialization attacks
HTTP parameter pollution
Bypassing XSS protection
Clickjacking attack
window.opener tabnabbing attack
RCE attacks
and more...

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Vulnerability Assessment and Management
  • Exploitation Analysis
  • Training, Education, and Awareness

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.