Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks. Say ‘No’ to classical web application hacking, join this unique video training, and take your professional pentesting career to the next level.
Dawid Czagan has found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this video training he will share his experience with you. You will dive deep into full-stack exploitation of modern web applications and you will learn how to hunt for security bugs effectively.
Almost 5 hours of high-quality video courses with lots of recorded demos.
You will get LIFETIME access to these 5 video courses:
- Bypassing Content Security Policy in Modern Web Applications
- Bypassing CSP via ajax.googleapis.com (FREE VIDEO)
- Bypassing CSP via Flash File
- Bypassing CSP via Polyglot File
- Bypassing CSP via AngularJS
- Hacking Web Applications via PDFs, Images, and Links
- Token Hijacking via PDF (FREE VIDEO)
- XSS via Image
- User Redirection via window.opener Tabnabbing
- Hacking AngularJS Applications
- AngularJS: Template Injection and $scope Hacking (FREE VIDEO)
- AngularJS: Going Beyond the $scope
- AngularJS: Hacking a Static Template
- Exploiting Race Conditions in Web Applications
- Exploiting Race Conditions – Case 1 (FREE VIDEO)
- Exploiting Race Conditions – Case 2
- Case Studies of Award-Winning Race Condition Attacks
- Full-Stack Attacks on Modern Web Applications
- HTTP Parameter Pollution (FREE VIDEO)
- Subdomain Takeover
- Account Takeover via Clickjacking
More information can be found in the section ”What students will receive”.
What students should know
- Common web application vulnerabilities
What students will learn
- Become a web hacking expert
- Dive into full-stack exploitation of modern web applications
- Learn how hackers can bypass Content Security Policy (CSP)
- Discover how web applications can be hacked via PDFs, images, and links
- Explore how hackers can steal secrets from AngularJS applications
- Check if your web applications are vulnerable to race condition attacks
- Learn about HTTP parameter pollution, subdomain takeover, and clickjacking
- Discover step by step how all these attacks work in practice (DEMOS)
- Take your professional pentesting career to the next level
- Learn from one of the top hackers at HackerOne
What students will receive
What students say about Dawid’s trainings
References are attached to Dawid’s LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here (https://silesiasecuritylab.com/services/training/#opinions) – training participants from companies such as Oracle, Adobe, ESET, ING, …
Dawid Czagan (@dawidczagan) is an internationally recognised security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter and other companies. Due to the severity of many bugs, he has received numerous awards for his findings.
Dawid Czagan shares his security bug hunting experience in his hands-on trainings “Hacking Web Applications – Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More” and “Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”. He delivered security training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), NorthSec (Montreal), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (recommendations: https://silesiasecuritylab.com/services/training/#opinions).
Dawid Czagan is a founder and CEO at Silesia Security Lab – a company which delivers specialised security testing and training services. He is also an author of online security courses. To find out about the latest in Dawid Czagan’s work, you are invited subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan) and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).