Courses

Learn more about the training offered at INFILTRATE

IMMUNITY: Web Hacking

Immunity’s Web Hacking class has a heavy emphasis with hands-on-learning, going in-depth on XSS, SQLi, XXE and Web Crypto. The token system has been improved from previous years, which allows us to track how each individual student is performing in class and indicates if a student could use extra help with a particular subject. The token system also allows for students to compete for the top score (often for fabulous prizes). Come to Web Hacking and receive instruction from members of Immunity’s senior consulting team!

Class Requirements

  • Linux-based VM image (Xubuntu 18.04) will be provided with a wide range of software that you may find useful.
  • The host should have a free-trial version of VMWare Workstation Pro (Windows/Linux) or VMware Fusion Pro (MacOS) installed.
  • 8GB of RAM is recommended for the VM, however, 4GB is more than enough.
  • Each student will have root access on the VM to install preferred software with some restrictions to be discussed in class.
  • The training VM will be connecting to the class environment running on the 192.168.1.0/24 network range. Please make sure your local network does not share the same range, since this may cause problems when connecting.
  • The streaming solution and communication platform will be communicated closer to the training date.

Download VMware Workstation Pro
Download VMware Fusion Pro

Course Information

Date: October 11th - October 14th
Course Fee: $4,900
CPE Credits: 28

View the Conference Calendar

More Infiltrate Courses

If you are trying to determine which course is best suited for you, email us at infiltrate@immunityinc[dot]com and we will assist you.

See all the courses

Syllabus

Course Length: 4 Days

DAY 1 - INTRODUCTION TO XSS

  • Reflected XSS
  • Stealing cookies
  • Stealing the DOM
  • Persistent XSS
  • DOM based XSS
  • CSRF
  • Filter evasion
  • Client side template injection

DAY 2 - COMMAND INJECTION AND XXE/XSLT ATTACKS

  • Command injection into the Linux shell
  • Command injection into modern Windows
  • Blind command injection
  • Sighted XXE attacks
  • Blind / Out-of-band data retrieval with XXE
  • XSLT Injection

DAY 3 - SQL INJECTION

  • Sighted SQL Injection
  • Error based blind SQL Injection
  • Time based blind SQL Injection
  • Authoring SQL Injection automation tools

DAY 4 - WEB CRYPTO

  • ECB
  • CBC
  • Padding Oracles

Note: Syllabus is subject to change

Infiltrate Sponsors

Register Now

Please don’t be one of those people who registers at the last minute after all the tickets have been sold!

Join us at the conference

Training & Workshops

Learn more about the technical training and workshops offered at INFILTRATE

Attend a session