Check Point Advanced Web Hacking (HackingPoint)


Price: kr 33,000 excl. VAT
Duration: 5 days
Lunch: Included
Courseware: Included


This information also applies to in-company training. Do not hesitate to contact us for more information.


This curriculum continues the Art of Web Hacking series.

This class is available remotely to all Check Point customers and partners. Check Point also offers the class on-site. The on-site classes require a minimum of 16 people.

We have brought together the most talented experts to challenge our clients. The team has recreated security vulnerabilities based on actual penetration tests and real bug bounties seen in the field. This fast-paced class gives attendees an insight into advanced AppSec topics. The class curriculum is split into two:

  • 3 days of Server Side flaws

  • 2 days of Client Side flaws


Server Side Flaws (3 days)

These vulnerabilities affect well-known software and websites and span multiple technologies, from the .NET Framework to Node.js applications. We selected vulnerabilities that typically go undetected by modern scanners or have lesser-known exploitation techniques.

SQL injection

  • 2nd order injection

  • NoSQL injection

  • Out-of-Band exploitation

  • WAF bypass techniques

XXE injection

  • Blind XXE injection

  • Case study of recent XXE bugs

  • XXE to Code Execution

Serialization Flaws

  • PHP object injection

  • Java serialization flaws

  • Case study of recent serialization flaws

HTTP Parameter Pollution (HPP)

  • Detecting HPP in application

  • Case study of recent HPP bugs

Business Logic Flaws

  • Mass assignment bugs

  • OS code injection

  • Crypto attacks

Client Side Flaws (2 days)

These classes focus on offensive attacks and dangerous parts of HTML, JavaScript, and related technologies: the nasty and undocumented stuff. There are dozens of new attack techniques straight from the laboratory of horrors of those maintaining the HTML5 Security Cheat Sheet. We will learn how to attack any Web application, either with unknown legacy features or the half-baked results coming to your browser from the labs of W3C, WHATWG and the ES6 mailing lists. Whether you want to attack modern web applications or shiny browser extensions and Chrome Packaged Apps, we have that covered.

Some knowledge of HTML and JavaScript is required, but rookies and experts will be equally satisfied with the class. HTML is a living standard and so is this class.

Course material will be provided on-site and via access to a private GitHub repo, so all attendees will receive updated material even months after the actual training.

Starts with:

  • Client side flaws (basics)

  • HTTP / Encoding

  • Character sets

  • CSRF in detail

  • Cross-Site Scripting

  • DOM clobbering

  • Drag&Drop / Copy&Paste


  • Legacy Features

Moves on to:

  • HTML5 Attacks and Vectors

  • SVG

  • XML

  • Mutation XSS / mXSS

  • Scriptless Attacks

  • SOP Bypasses

  • Filter Bypasses

  • Optimizing your payload


If you work in the security industry on modern web applications, you will benefit from this class.

This is not a beginner class. To gain the maximum value from the topics being explored, attendees should have a strong understanding of the OWASP top 10 issues. The class does not cover all AppSec topics and focuses only on advanced identification and exploitation techniques of vulnerabilities.

© 2019 VALit Aps - Arrow ECS. All rights reserved.