Web application security is not only about XSS and SQL injection. Professional penetration testers and red team members must learn about full-stack attacks on modern web applications, and I created this course to help you on this journey.
In this course, you will learn about 3 powerful attacks. First, I'll show you how an attacker can bypass authorization via HTTP parameter pollution. Next, I'll present how the attacker can launch a subdomain takeover attack. Finally, I'll demonstrate how the attacker can take over a user’s account via clickjacking.
**For every single attack presented in this course there is a demo** so that you can learn step by step how these attacks work in practice. You'll also learn how to check if your web applications are vulnerable to these attacks. I hope this sounds good to you and I can’t wait to see you in the class.
Case #1: HTTP Parameter Pollution – Part 1
Case #1: HTTP Parameter Pollution – Part 2
Case #2: Subdomain Takeover – Part 1
Case #2: Subdomain Takeover – Part 2
Case #3: Account Takeover via Clickjacking – Part 1
Case #3: Account Takeover via Clickjacking – Part 2
Note: you can get paid for these bugs in bug bounty programs.