TRAINER: DAWID CZAGAN
/ IT Security Researcher & Trainer
Dawid Czagan (@dawidczagan) is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter and other companies. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his security bug hunting experience in his hands-on trainings “Hacking Web Applications – Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More” and “Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”. He delivered security training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), NorthSec (Montreal), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (recommendations: https://silesiasecuritylab.com/services/training/#opinions).
Dawid Czagan is a founder and CEO at Silesia Security Lab – a company which delivers specialized security testing and training services. He is also an author of online security courses. To find out about the latest in Dawid Czagan’s work, you are invited subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan) and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).
DURATION:
DURATION: Video Courses (5 hours) + Live Online Training Support (2 hours)
DATE OF THE ONLINE COURSE
Based on consultation with all students
ACCESS TO COURSE FILES:
Lifetime
AVAILABILITY:
Online
OVERVIEW
Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks. Say ‘No’ to classical web application hacking, join this unique online training, and take your professional pentesting career to the next level.
I have found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this online training I will share my experience with you. You will dive deep into full-stack exploitation of modern web applications and you will learn how to hunt for security bugs effectively.
THIS ONLINE TRAINING IS COMPOSED OF
• Almost 5 hours of high-quality video courses with lots of recorded demos (LIFETIME access; the courses are listed below)
• 2 hours of live online training support (you can ask any questions you have about the attacks presented in the video courses and finding security bugs in companies like Google, Yahoo, Mozilla, Twitter)
Almost 5 hours of high-quality video courses with lots of recorded demos
You will get lifetime access to these 5 video courses:
- Bypassing Content Security Policy in Modern Web Applications
- Introduction
- Bypassing CSP via ajax.googleapis.com (FREE VIDEO)
- Bypassing CSP via Flash File
- Bypassing CSP via Polyglot File
- Bypassing CSP via AngularJS
- Hacking Web Applications via PDFs, Images, and Links
- Introduction
- Token Hijacking via PDF (FREE VIDEO)
- XSS via Image
- User Redirection via window.opener Tabnabbing
- Hacking AngularJS Applications
- Introduction
- AngularJS: Template Injection and $scope Hacking (FREE VIDEO)
- AngularJS: Going Beyond the $scope
- AngularJS: Hacking a Static Template
- Summary
- Exploiting Race Conditions in Web Applications
- Introduction
- Exploiting Race Conditions – Case 1 (FREE VIDEO)
- Exploiting Race Conditions – Case 2
- Case Studies of Award-Winning Race Condition Attacks
- Full-Stack Attacks on Modern Web Applications
- Introduction
- HTTP Parameter Pollution (FREE VIDEO)
- Subdomain Takeover
- Account Takeover via Clickjacking
Lifetime access to these 5 video courses will be granted before participating in the live online training session. More information can be found in the section ”What students will receive”.
2 HOURS OF LIVE TRAINING SUPPORT
- Is anything not clear after watching the video courses? No worries, I am here to help you! You can ask any questions you have about the attacks presented in the videos.
- Do you want to take your professional pentesting career to the next level and have some questions? No problem, ask me anything you want!
- Are you looking for some advice on how to find security bugs in companies like Google, Yahoo, Mozilla, Twitter (bug bounty programs)? Ask your question and I will do my best to help you.
WHAT STUDENTS SHOULD KNOW
- Common web application vulnerabilities
WHAT STUDENTS WILL LEARN
- Become a web hacking expert
- Dive into full-stack exploitation of modern web applications
- Learn how hackers can bypass Content Security Policy (CSP)
- Discover how web applications can be hacked via PDFs, images, and links
- Explore how hackers can steal secrets from AngularJS applications
- Check if your web applications are vulnerable to race condition attacks
- Learn about HTTP parameter pollution, subdomain takeover, and clickjacking
- Discover step by step how all these attacks work in practice (DEMOS)
- Take your professional pentesting career to the next level
- Learn from one of the top hackers at HackerOne
WHAT STUDENTS WILL RECIEVE
Students will receive lifetime access to almost 5 hours of high-quality video courses with lots of recorded demos (hosted on the 3rd party platform Grinfer; subject to terms of use and privacy policy). The access link will be sent after subscribing to my newsletter and before participating in the live online training session (during the live online training session, there will be time to ask questions about the attacks presented in the video courses – training support for the video courses).
WHAT STUDENTS SAY ABOUT THIS TRAINING
References are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here (https://silesiasecuritylab.com/services/training/#opinions) – training participants from companies such as Oracle, Adobe, ESET, ING, …