• Classroom
  • Online, Instructor-Led
Course Description

Web applications are the source of many security vulnerabilities. Because of this, many web developers try to lock down the security of their web applications. However, not all of them do it correctly or completely, leaving certain avenues of attack still open. The Advanced Web Exploitation course explores how to search for, find, and exploit these hard-to-find vulnerabilities. At the end of this course, students will understand the shortcomings of incomplete fixes to these vulnerabilities. They will also understand how these vulnerabilities might manifest themselves and how to modify their attack strategy to compensate.

Learning Objectives

• Evade common incomplete filters to achieve the basic attacks
• String multiple attacks together to achieve a more difficult objective
• Recon Tools
• Detecting and Exploiting Hard to Find SQL Injections
• Advanced Sqlmap
• Manual Blind SQL Injection
• NoSQL Injection
• Cross Site Scripting Filter Evasion
• Exploiting Misconfigured CORS
• Advanced OS Command Injection
• Advanced Local File Inclusion
• Advanced CSRF
• XXE to Obtain Arbitrary Files
• Out of Band XXE Attacks
• Server Side Request Forgery
• Insecure Deserialization in Python and Java

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.