“THE ART OF HACKING” First Training
On 29th September, 2018, Enciphers conducted a training on WEB APPLICATION HACKING – BASIC LEVEL as a part of the training series “The Art Of Hacking”.
It was a full-day, hands-on training where everyone got to learn about web application hacking, how to start with bug bounties, how to write good reports, things that should be avoided while doing bug bounties and, most importantly, different approaches to finding vulnerabilities with higher impact.
The training agenda was designed so that people just starting their careers in web application security can understand the basic concepts and build on them as we move ahead to advanced concepts. All the attendees did hands-on practice of some of the concepts in the customised virtual machine provided.
During the workshop, attendees learned about the basics of web applications, DNS, Burp Suite and recon, and how to find “easy money bugs”: where to look for bugs like XSS, CSRF, access control and improper session management issues, insecure subdomains and hidden insecure files. One of the modules covered high-paying bugs, where attendees learned about IDOR, MFA bypass, password reset issues, session management issues, etc. Lots of interesting test cases, found in penetration tests done by the penetration testing team of ENCIPHERS, were shared with attendees.
Some of the pictures from the training session are below. Are you in these pictures? If not, then you should be 🙂
You can find some of the content used in this training here.