MOM Cultural Center, Budapest // 6-7th October 2022
2022-10-06 08:00:00
GET YOUR TICKET
TRAINING

Web Hacking Expert: Full-Stack Exploitation Mastery Training

dawid czagan

TRAINER: DAWID CZAGAN

/ IT Security Researcher & Trainer

Dawid Czagan (@dawidczagan) is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter and other companies. Due to the severity of many bugs, he received numerous awards for his findings. Dawid Czagan is a founder and CEO at Silesia Security Lab – a company which delivers specialized security testing and training services. He is also an author of online security courses.

Web Hacking Expert: Full-Stack Exploitation Mastery Training

DURATION:

5+2 hours

DATE OF THE ONLINE COURSE

Based on consultation

PURCHASE THIS TRAINING

ACCESS TO COURSE FILES:

Lifetime

AVAILABILITY:

Online

CONTACT US VIA E-MAIL

OVERVIEW

Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks. Say ‘No’ to classical web application hacking, join this unique online training, and take your professional pentesting career to the next level.

I have found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this online training I will share my experience with you. You will dive deep into full-stack exploitation of modern web applications and you will learn how to hunt for security bugs effectively.

 

THIS ONLINE TRAINING IS COMPOSED OF

Almost 5 hours of high-quality video courses with lots of recorded demos (LIFETIME access; the courses are listed below)

• 2 hours of live online training support (you can ask any questions you have about the attacks presented in the video courses and finding security bugs in companies like Google, Yahoo, Mozilla, Twitter)

Almost 5 hours of high-quality video courses with lots of recorded demos

You will get lifetime access to these 5 video courses:

 

  1. Bypassing Content Security Policy in Modern Web Applications
  • Introduction
  • Bypassing CSP via ajax.googleapis.com  (FREE VIDEO)
  • Bypassing CSP via Flash File
  • Bypassing CSP via Polyglot File
  • Bypassing CSP via AngularJS

 

  1. Hacking Web Applications via PDFs, Images, and Links
  • Introduction
  • Token Hijacking via PDF  (FREE VIDEO)
  • XSS via Image
  • User Redirection via window.opener Tabnabbing

 

  1. Hacking AngularJS Applications
  • Introduction
  • AngularJS: Template Injection and $scope Hacking  (FREE VIDEO)
  • AngularJS: Going Beyond the $scope
  • AngularJS: Hacking a Static Template
  • Summary

 

  1. Exploiting Race Conditions in Web Applications
  • Introduction
  • Exploiting Race Conditions – Case 1  (FREE VIDEO)
  • Exploiting Race Conditions – Case 2
  • Case Studies of Award-Winning Race Condition Attacks

 

  1. Full-Stack Attacks on Modern Web Applications
  • Introduction
  • HTTP Parameter Pollution  (FREE VIDEO)
  • Subdomain Takeover
  • Account Takeover via Clickjacking

 

Lifetime access to these 5 video courses will be granted before participating in the live online training session. More information can be found in the section ”What students will receive”.

 

2 HOURS OF LIVE TRAINING SUPPORT

  • Is anything not clear after watching the video courses? No worries, I am here to help you! You can ask any questions you have about the attacks presented in the videos.
  • Do you want to take your professional pentesting career to the next level and have some questions? No problem, ask me anything you want!
  • Are you looking for some advice on how to find security bugs in companies like Google, Yahoo, Mozilla, Twitter (bug bounty programs)? Ask your question and I will do my best to help you.

 

WHAT STUDENTS SHOULD KNOW

  • Common web application vulnerabilities

 

WHAT STUDENTS WILL LEARN

  • Become a web hacking expert
  • Dive into full-stack exploitation of modern web applications
  • Learn how hackers can bypass Content Security Policy (CSP)
  • Discover how web applications can be hacked via PDFs, images, and links
  • Explore how hackers can steal secrets from AngularJS applications
  • Check if your web applications are vulnerable to race condition attacks
  • Learn about HTTP parameter pollution, subdomain takeover, and clickjacking
  • Discover step by step how all these attacks work in practice (DEMOS)
  • Take your professional pentesting career to the next level
  • Learn from one of the top hackers at HackerOne

 

WHAT STUDENTS WILL RECIEVE

Students will receive lifetime access to almost 5 hours of high-quality video courses with lots of recorded demos (hosted on the 3rd party platform Grinfer; subject to terms of use and privacy policy). The access link will be sent after subscribing to my newsletter and before participating in the live online training session (during the live online training session, there will be time to ask questions about the attacks presented in the video courses – training support for the video courses).

 

WHAT STUDENTS SAY ABOUT THIS TRAINING

References are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here (https://silesiasecuritylab.com/services/training/#opinions) – training participants from companies such as Oracle, Adobe, ESET, ING, …

PURCHASE THIS TRAINING