Offsec -Advanced Web Attacks And Exploitation Web Application Security Training(AWAE)

Actual Cost Of Course Is 1400$ (u can Google)

????COURSE OVERVIEW & SYLLABUS???? AWAE is not a course focused on black box methodology. You will be learning white box web app pentest methods. The bulk of your time will be spent analyzing source code, decompiling Java, debugging DLLs, manipulating requests, and more, using tools like Burp Suite, dnSpy, JD-GUI, Visual Studio, and the trusty text editor. The course covers the following topics in detail. For a more complete breakdown of the course topics, please refer to the AWAE syllabus.

1. Persistent Cross-Site Scripting
2. Session Hijacking 3 .NET Deserialization 4 Data Exfiltration 5 Bypassing File Extension Filters 6 Magic Hashes 7 PostgreSQL Extension and User Defined Functions 8 Bypassing REGEX restrictions 9 Cross-Site Request Forgery 10 Type Juggling 11 Blind SQL Injection 12 Bypassing File Upload Restrictions 13 Loose Comparisons 14 Bypassing Character Restrictions 15 PostgreSQL Large Objects 16 Debugging .NET Assemblies 17 COURSE PREREQUISITES

Advanced Web Attacks and Exploitation expects students have the following before starting the course:

Familiarity with coding languages: Java, .NET, JavaScript, Python Familiarity with Linux: file permissions, navigation, editing, and running scripts Ability to write simple Python / Perl / PHP / Bash scripts Experience with web proxies, such as Burp Suite and similar tools General understanding of web app attack vectors, theory, and practice (covered in PWK) WHAT COMPETENCIES WILL YOU GAIN? Performing advanced web app source code auditing Analyzing code, writing scripts, and exploiting web vulnerabilities Implementing multi-step, chained attacks using multiple vulnerabilities Using creative and lateral thinking to determine innovative ways of exploiting web vulnerabilities SUPPORTING YOUR ONLINE JOURNEY 1. 6-hour video series 2. 270-page course guide 3. Active student forums 4.Access to virtual lab environment