DeepSec Training: Black Belt Pentesting / Bug Hunting Millionaire – Mastering Web Attacks with Full-Stack Exploitation

René Pfeiffer / August 19, 2019 / Conference, Training

Source: https://commons.wikimedia.org/wiki/File:Fingerprint_Loop.jpg

Web applications are gateways for users and attackers alike. Web technology is used to grant access to information, public and sensitive alike. The latest example is the Biostar 2 software, a web-based biometric security smart lock platform application. During a security test the auditors were able to access over 1 million fingerprint records, as well as facial recognition information. How can you defend against leaks like this? Well, you have to understand all layers of the application stack. Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say no to classic web application hacking. Join the training session at DeepSec 2019 and take advantage of Dawid Czagan’s unique hands-on exercises and become a full-stack exploitation master.

Dawid is very experienced and will teach you everything you need to know. By booking his class you will also get access to six further online courses preparing you for web attack and defence. After completing this training, you will have learned about:

  • REST API hacking
  • AngularJS-based application hacking
  • DOM-based exploitation
  • Bypassing Content Security Policy
  • Server-side request forgery
  • Browser-dependent exploitation
  • DB truncation attack
  • NoSQL injection
  • Type confusion vulnerability
  • Exploiting race conditions
  • Path-relative stylesheet import vulnerability
  • Reflected file download vulnerability
  • Subdomain takeover

The list is not complete. Modern web technology uses a lot of components, data formats, protocols, and programming languages. Make sure you keep up by registering for Dawid’s training now.

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.