
Modern Webapp Pentesting II: Webapp Internals with BB King

Course Authored by BB King.

Written as a followup to Modern Webapp Pentesting, this course builds on the fundamentals and gives you experience with how they apply to current problems in web applications.

On-Demand $575.00

Course Length: 16 Hours

Includes a Certificate of Completion




Description


This is a very hands-on course. The material is organized around key technologies and concepts: authentication and authorization, understanding in-browser defenses well enough to devise ways to bypass them, and learning just enough about web development to see where real developers are likely to make mistakes or rely too much on unstated assumptions.

This course doesn’t worry about where a student falls on the imaginary scale from beginner to expert; instead it focuses on finding and exploiting the kinds of issues found in real webapps today.

System Requirements
  • Hardware/Software Requirements
    • Stable Internet access
    • x86 architecture CPU clocked at 2 GHz or higher that is capable of nested virtualization
    • (Apple Silicon is currently not supported)
    • A computer with at least 8 GB of RAM. 16 GB is recommended
    • VMware Workstation or VMware Fusion
    • (VirtualBox and other VM software is not supported)
    • Windows 10/11, macOS, or a currently supported Linux distribution
    • Full Administrator/root access to your computer or laptop

FAQ

Key Takeaways
• A reliable methodology for testing today’s webapps
• Hands-on experience with the kinds of defects that modern webapps actually have
• Tips and Tricks for effective reporting so the issues you find can be fixed
Who Should Take This Course
• Motivated Beginners: the course begins with a dive into the protocols and standards that every webapp relies on. With this often overlooked anchor in the fundamentals, you will more easily see how abusing those things can lead to exploits
• Experienced Testers: with that shared understanding of the fundamental concepts, the middle section of the course moves on to show some of the more common ways that weaknesses appear in real applications. This middle section is mostly hands-on practice time, with lab options for all skill levels. If you know some exploits but don’t know deeply how and why they work, this section will make you a more confident and flexible tester
• Everyone: the course wraps up with a deep dive into JSON Web Tokens (JWTs) and an introduction to WebSockets. After investigating the fundamentals of how those technologies work, tied neatly to the anchors we started with, you will have a clear and repeatable way to quickly learn about unfamiliar technologies so that you won’t be caught short the next time you see something new for the first time
• If you already test webapps routinely, you may appreciate the focus on the fundamentals, an easy-to-follow testing methodology, and the time spent thinking about how best to report what you find so you’re more likely to drive improvements, earn that bug bounty, or get hired again for a future test
Audience Skill Level
• Motivated Beginners: the course begins with a brief review of protocols and tools so we have a shared mental framework to process the more advanced topics that come later
• Experienced Testers: the majority of the course addresses features and technologies that are not so much “advanced topics” that rely heavily on deep understanding of arcane topics as “newer things that nobody talks about attacking”
• If you test webapps exclusively, all day every day, you may still appreciate the time spent on focused practice, methodology, and reporting. Anyone else will also find some new things they can take back to work or bounty-hunting right away
What Each Student Should Bring
• Curiosity and tenacity
• A laptop with the features described above
• OR one with Docker pre-installed (the course does not include any Docker instruction, so do this only if you’re already comfortable troubleshooting your own Docker issues)
• At least 10 GB of available disk space
• Current Firefox web browser
What Each Student Will Be Provided With
• Slide deck and links to all the material and tools needed with instructions
• Virtual machine with all the necessary tools and targets for the course
• Contact information for the instructor and a 6-week window of direct one-on-one access in case you have questions after the class is over

About the Instructor

Brian "BB" King
"Artist turned QA Tester turned Pentester and Teacher"
Bio

BB started pentesting professionally in 2008 at the largest financial services company you’ve never heard of. As the second hire on the application security team, he helped define standards and grow the team to a group of more than 30 testers. Through teaching in that environment and elsewhere, he has come to believe that the keys to success are a strong interest in how things work, a willingness to ask questions, and an ability to work through discouragement when things don’t work.

On-Demand

Antisyphon's On-Demand classes give you flexible, self-paced access to the same high-quality training our live events are known for. Whether you're diving into forensics, cloud security, or offensive tooling, each course includes:

  • Full access to video recordings, slides, and downloadable resources
  • Hands-on labs and virtual machines to reinforce real-world skills
  • Cyber Range access for immersive practice (select courses)
  • Dedicated Discord support from instructors and peers
  • Certificates of participation upon completion

Start learning when it works for you!
No deadlines, no pressure. Just real, practical cybersecurity training on your schedule.
