Web applications are a major source of security vulnerabilities, so many web developers try to lock down their applications. Not all of them do so correctly or completely, leaving certain avenues of attack open. The Advanced Web Exploitation course explores how to search for, find, and exploit these hard-to-find vulnerabilities. At the end of the course, students will understand the shortcomings of incomplete fixes to these vulnerabilities, how the vulnerabilities manifest when a fix is incomplete, and how to adapt their attack strategy accordingly.
Learning Objectives
Evade common incomplete filters to achieve the basic attacks
String multiple attacks together to achieve a more difficult objective
Recon Tools
Detecting and Exploiting Hard to Find SQL Injections
Advanced Sqlmap
Manual Blind SQL Injection
NoSQL Injection
Cross Site Scripting Filter Evasion
Exploiting Misconfigured CORS
Advanced OS Command Injection
Advanced Local File Inclusion
Advanced CSRF
XXE to Obtain Arbitrary Files
Out of Band XXE Attacks
Server Side Request Forgery
Insecure Deserialization in Python and Java
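The first objective, evading incomplete filters, is the thread running through the whole list, so here is an added illustration of what "incomplete fix" means in practice. It is example code written for this page, not course material from the training provider: a single-pass tag strip and a blocklist on " or " (both constructed here as typical half-fixes) are bypassed, and each is shown beside the fix that actually closes the hole (output encoding and parameterized queries). The payloads and the in-memory user table are constructed for the demonstration.

```python
import html
import re
import sqlite3

# --- Cross-site scripting: removing one bad token is not a fix ---

def naive_xss_filter(s: str) -> str:
    """Incomplete fix: remove the literal '<script>' once, case-sensitively."""
    return s.replace("<script>", "")

def bypass_naive_xss_filter() -> str:
    """Nesting the tag inside itself survives a single-pass strip: removing
    the inner '<script>' splices the outer one back together."""
    payload = "<scr<script>ipt>alert(1)</script>"  # constructed payload
    return naive_xss_filter(payload)

def recursive_xss_filter(s: str) -> str:
    """Common 'hardening': strip case-insensitively until nothing changes."""
    pattern = re.compile(r"<script>", re.IGNORECASE)
    previous = None
    while previous != s:
        previous, s = s, pattern.sub("", s)
    return s

def bypass_recursive_xss_filter() -> str:
    """A blocklist misses every vector it never listed: an event handler
    attribute executes without any <script> tag, so the filter leaves it intact."""
    payload = '<img src=x onerror="alert(1)">'  # constructed payload
    return recursive_xss_filter(payload)

def render_safely(s: str) -> str:
    """Complete fix for an HTML text or attribute context: encode, don't remove."""
    return html.escape(s, quote=True)

# --- SQL injection: a keyword blocklist is not a fix either ---

def naive_sqli_filter(value: str) -> str:
    """Incomplete fix: reject input containing ' or ' with spaces around it."""
    if " or " in value.lower():
        raise ValueError("blocked")
    return value

def _demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

# Inline comments stand in for the spaces the blocklist looks for; '--' comments
# out the closing quote that the string concatenation appends.
SQLI_PAYLOAD = "x'/**/OR/**/1=1--"  # constructed payload

def lookup_with_blocklist(name: str) -> list:
    """Vulnerable: string-built query guarded only by naive_sqli_filter."""
    conn = _demo_db()
    query = "SELECT name FROM users WHERE name = '" + naive_sqli_filter(name) + "'"
    return sorted(row[0] for row in conn.execute(query))

def lookup_parameterized(name: str) -> list:
    """Complete fix: the driver binds the value, so it can never become SQL."""
    conn = _demo_db()
    cur = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in cur)
```

Both halves make the same point the course description does: a fix that targets the one payload the developer saw (a specific tag, a specific keyword spelling) leaves the class of attack open, and the tester's job is to find the shape of input the fix did not anticipate. The complete fixes work because they change how the data is interpreted rather than trying to enumerate bad values.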
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Work Roles