This course introduces application security testing, focusing on fundamental tradecraft and vulnerability exploitation. Topics of interest include web application reconnaissance, reflected, stored, and DOM-based cross-site scripting (XSS), secure session and cookie management, cross-site request forgery (CSRF), SQL injection, and SQL injection. The course will incorporate a balance of web application security theory and hands-on lab exercises, beginning with basic zero-touch techniques and culminating in achieving both server- and client-side remote code execution.

Prereqs: This is a professional series course. It is highly recommended students take and complete Pentesting 101 & Pentesting 102 before taking this course. 

Status: Pre-Order December 20th, 2023

Course Author: Gabriel Ryan @s0lst1c3 / hackn.com

Format: Digital Learn-On-Demand (4-5hrs)

High-Level Outline

• Section 1: Introductions
• Section 2: Introduction to Web Application Pentesting
• Section 3: Information Gathering
• Section 4: Cross-Site Scripting (XSS)
• Section 5: Basic SQL Injections - Part 1
• Section 6: Basic SQL Injections - Part 2
• Section 7: Conclusion

Disclaimer - Our courses and the skills taught within are designed for authorized/legal security testing, and ethical hacking only. By watching you agree not to use any of the skills, tools, techniques, or tradecraft for any illicit purposes.