(Registration Open) Web Application Hacking – Pro Level

  • Training Name: Web Application Hacking – Pro Level
  • Training Date: 18th-19th January 2020
  • Training Venue: Classroom Venue will be in New Delhi (NCR), India. Exact address to be shared with registered delegates.
  • Training Fee (Exclusive Of Taxes):
    – Early Bird Access (Virtual Conferencing): 18,000 INR | 300 USD
    – Virtual Conferencing: 22,000 INR | 350 USD
    – Early Bird Access (Classroom Access): 20,000 INR
    – Classroom Access: 24,000 INR
  • Need Discount?
    • Only group registration discount is available. Please email us at training@enciphers.com.
  • Unique benefits of this training:
      1. Two-day training on advanced-level attacks on web applications.
      2. Access to a specifically designed virtual private server (for the training duration).
      3. Access to one of the best web application penetration testing labs.
      4. Access to a separate channel for asking questions and getting help.
      5. No virtual machine setup needed.
  • Training Agenda:
    • Module 1 – Bug Hunter’s VPS:
      – What is unique about the VPS?
      – Walkthrough of the VPS:
      – ENCIPHER pentest/bug bounty guides & tutorials
      – VPS tools and how to use them
      – Other resources available on the VPS: payloads, online tools, etc.
      – Accessing your personal VPS via SSH/Remote desktop
      – How to make the best use of the Bug Hunter’s VPS.
    • Module 2 – Input Validation Issues:
      – REST API with JSON & XML inputs
             – XML injection
             – XXE
             – Other API related vulnerabilities
             – SQL injection in API
      – Server Side Request Forgery
             – How to test for SSRF
             – SSRF exploitation scenarios, SSRF to AWS compromise
             – Using tools and guide on VPS to find SSRF
      – Pentesting GraphQL
      – Finding and exploiting SQL injections
    • Module 3 – Remote Code Execution:
      – What is RCE? How to find it? Approach to finding RCE in bug bounties or pentests.
      – Some easy-to-find RCEs that earn huge bounties.
      – Using Metasploit and public exploits for finding RCE
      – How to report RCE in the best way?
    • Module 4 – Authentication Vulnerabilities:
      – How does authentication work? What types of authentication are generally used these days?
      – Finding vulnerabilities in each of those authentication flows (SAML, JWT, Cookie).
    • Module 5 – Some more action:
      – Cross Site Scripting
             – Reflected | Stored | Blind XSS
      – Multi Factor Authentication & Bypass
      – Other common web vulnerabilities
    • Module 6 – Let’s build an approach:
      – Attacking authentication flow of the app
             – Login page testing
             – API based authentication and possible security issues
             – Testing the password reset function
      – Testing the app for Access control:
             – Where to look for those issues?
             – What are the possible vulnerabilities? IDOR, missing access control, etc.
      – Testing each feature/functionality:
             – Input validation issues
             – XSS/XXE/SSRF/SQLi, etc.
             – RCE via known vulnerable software version
             – RCE via misconfigurations
             – Privilege escalations
  • Training Prerequisites:
      1. Laptop with admin/root privileges
      2. SSH capability
      3. Basics of Burp Suite Proxy
      4. Basics of web application security, OWASP Top 10
  • Terms and Conditions:
    – All rates are exclusive of taxes.
    – All tickets are non-refundable.
    – Payment gateway charges are applicable additionally.
    – ENCIPHERS reserves the right to cancel the training in case of too few registrations; in that case ENCIPHERS will inform the attendees at least one week before the actual training date.
    – When registering, you explicitly agree to our Terms and Conditions, which may be modified by us from time to time and are available here.
    – Registration fees do not include the cost of travel and lodging. All delegates are requested to make their own arrangements and bear any associated fees for any other services.