Full-Stack Attacks on Modern Web Applications
Dawid Czagan
59:07
Description
Learn About HTTP Parameter Pollution, Subdomain Takeover, and Advanced Clickjacking
What You'll Learn?
- Dive into full-stack attacks on modern web application
- Learn how an attacker can bypass authorization via HTTP parameter pollution
- Explore how the attacker can launch a subdomain takeover attack
- Discover how the attacker can take over a user’s account via clickjacking
- Learn step by step how all these attacks work in practice (DEMOS)
- Check if your web applications are vulnerable to these attacks
- Become a successful penetration tester / red team member / ethical hacker
- Learn from one of the top hackers at HackerOne
Who is this for?
What You Need to Know?
More details
DescriptionWeb application security is not only about XSS and SQL injection. Professional penetration testers and red team members must learn about full-stack attacks on modern web applications and I created this course to help you on this journey.
In this course, you will learn about 3 powerful attacks. First, I'll show you how an attacker can bypass authorization via HTTP parameter pollution. Next, I'll present how the attacker can launch a subdomain takeover attack. Finally, I'll demonstrate how the attacker can take over a user’s account via clickjacking.
** For every single attack presented in this course there is a demo ** so that you can learn step by step how these attacks work in practice. You'll also learn how to check if your web applications are vulnerable to these attacks. I hope this sounds good to you and I can’t wait to see you in the class.
Case #1: HTTP Parameter Pollution – Part 1
Case #1: HTTP Parameter Pollution – Part 2
Case #2: Subdomain Takeover – Part 1
Case #2: Subdomain Takeover – Part 2
Case #3: Account Takeover via Clickjacking – Part 1
Case #3: Account Takeover via Clickjacking – Part 2
Note: you can get paid for these bugs in bug bounty programs.
Who this course is for:
- Penetration testers, red team members, ethical hackers, bug hunters, security engineers / consultants
Web application security is not only about XSS and SQL injection. Professional penetration testers and red team members must learn about full-stack attacks on modern web applications and I created this course to help you on this journey.
In this course, you will learn about 3 powerful attacks. First, I'll show you how an attacker can bypass authorization via HTTP parameter pollution. Next, I'll present how the attacker can launch a subdomain takeover attack. Finally, I'll demonstrate how the attacker can take over a user’s account via clickjacking.
** For every single attack presented in this course there is a demo ** so that you can learn step by step how these attacks work in practice. You'll also learn how to check if your web applications are vulnerable to these attacks. I hope this sounds good to you and I can’t wait to see you in the class.
Case #1: HTTP Parameter Pollution – Part 1
Case #1: HTTP Parameter Pollution – Part 2
Case #2: Subdomain Takeover – Part 1
Case #2: Subdomain Takeover – Part 2
Case #3: Account Takeover via Clickjacking – Part 1
Case #3: Account Takeover via Clickjacking – Part 2
Note: you can get paid for these bugs in bug bounty programs.
Who this course is for:
- Penetration testers, red team members, ethical hackers, bug hunters, security engineers / consultants
User Reviews
Rating
Dawid Czagan
Instructor's Courses
Udemy
View courses Udemy- language english
- Training sessions 7
- duration 59:07
- Release Date 2024/02/15
