DeepSec 2023 Workshop: Web Hacking Expert: Full-Stack Exploitation Mastery [Video Training, Lifetime Access] – Dawid Czagan
Watch the trailer for your training!
Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks. Say ‘No’ to classical web application hacking, join this unique video training, and take your professional pentesting career to the next level.
Dawid Czagan has found security bugs in many companies, including Google, Yahoo, Mozilla, Twitter, and in this video training he will share his experience with you. You will dive deep into full-stack exploitation of modern web applications and you will learn how to hunt for security bugs effectively.
Almost 5 hours of high-quality video courses with lots of recorded demos
You will get lifetime access to these 5 video courses:
- Bypassing Content Security Policy in Modern Web Applications
– Introduction
– Bypassing CSP via ajax.googleapis.com (FREE VIDEO)
– Bypassing CSP via Flash File
– Bypassing CSP via Polyglot File
– Bypassing CSP via AngularJS
- Hacking Web Applications via PDFs, Images, and Links
– Introduction
– Token Hijacking via PDF (FREE VIDEO)
– XSS via Image
– User Redirection via window.opener Tabnabbing
- Hacking AngularJS Applications
– Introduction
– AngularJS: Template Injection and $scope Hacking (FREE VIDEO)
– AngularJS: Going Beyond the $scope
– AngularJS: Hacking a Static Template
– Summary
- Exploiting Race Conditions in Web Applications
– Introduction
– Exploiting Race Conditions – Case 1 (FREE VIDEO)
– Exploiting Race Conditions – Case 2
– Case Studies of Award-Winning Race Condition Attacks
- Full-Stack Attacks on Modern Web Applications
– Introduction
– HTTP Parameter Pollution (FREE VIDEO)
– Subdomain Takeover
– Account Takeover via Clickjacking
What students should know
- Common web application vulnerabilities
What students will learn
- Become a web hacking expert
- Dive into full-stack exploitation of modern web applications
- Learn how hackers can bypass Content Security Policy (CSP)
- Discover how web applications can be hacked via PDFs, images, and links
- Explore how hackers can steal secrets from AngularJS applications
- Check if your web applications are vulnerable to race condition attacks
- Learn about HTTP parameter pollution, subdomain takeover, and clickjacking
- Discover step by step how all these attacks work in practice (DEMOS)
- Take your professional pentesting career to the next level
- Learn from one of the top hackers at HackerOne
What students will receive
Students will receive lifetime access to almost 5 hours of high-quality video courses with lots of recorded demos (hosted on the 3rd party platform Grinfer; subject to terms of use and privacy policy). The access link will be sent after subscribing to Dawid’s newsletter.
What students say about Dawid’s trainings
References are attached to Dawid’s LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions – training participants from companies such as Oracle, Adobe, ESET, ING, …
Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his offensive security experience in his hands-on trainings. He delivered trainings at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (references are attached to Dawid Czagan’s LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions.
Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan) and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).