reddit hackernews mail facebook facebook linkedin

Advanced hacking & web application security

An intensive 2-day training designed for professionals with a solid foundation in web security. It delves into advanced vulnerabilities and equips participants with the skills to identify, exploit, and mitigate complex security issues in web applications.


Advanced hacking & web application security

Targeted audience:

  • Web developers
  • System administrators
  • Dev(Sec)Ops engineers
  • Any cybersecurity enthusiasts

Educational goals:

  • Identify and exploit advanced web vulnerabilities
  • Understand complex attack vectors like SSRF, XXE, and prototype pollution
  • Evaluate risks linked to third-party components and infrastructure
  • Apply secure coding practices to mitigate real-world threats

Prerequisites:

  • Basic knowledge of web development (HTML, CSS, JavaScript)
  • Familiarity with web protocols (HTTP, HTTPS)
  • Experience with using command-line tools
  • Familiar with basic web vulnerabilities (XSS, CSRF, SQLi…), see the beginner course

Program:

Day 1

  • Carriage Return Line Feed injection (CRLF)
  • Second order bugs
  • Prototype pollution
  • postMessage
  • Server-Side Request Forgery (SSRF)

Day 2

  • Dependency confusion
  • Subdomain takeover
  • JSON Web Token security (JWT)
  • XML External Entity injection (XXE)
  • Emails security



Gwendal Le Coguic - contact@glc.st - quotes on request - SIRET 79778302400038