Hacking modern web technologies (W20) - Pentestmag

Access to this course requires a PenTest Premium or IT Pack Premium subscription.


4 CPE CREDITS



After completing this course you will be able to: 

  • Comprehensively remediate common web application vulnerabilities.
  • Apply defensive application design and coding practices to avoid security vulnerabilities.
  • Customize, implement, and maintain a baseline security standard for the web application development lifecycle (SANS SWAT checklist).
  • Design stronger security architecture.
  • Understand cutting-edge web technologies and their security implications, avoiding security issues when utilizing these newer technologies.
  • Move away from basic web application security principles of “validating more” and implement effective security controls against vulnerabilities that input validation simply does not fix.
  • Leverage HTTP header-level protection to apply strong defense systems on the client side by building another layer of defense on top of secure coding on the server side.


COURSE SYLLABUS

What will you learn in this workshop



HTML5, AJAX, Node.JS, Websockets, RESTful service, Apache ModSecurity, PHP page, XSS, PHP website

Module 1 - Introduction. The Basics.

Make a list of your web resources and map everything you want to check in the following modules. If you have none, download and set up a Linux distribution with preinstalled vulnerable software (such as Damn Vulnerable Linux).

Module 2 - Injection
Identify places in your web applications (or in the DVL instance) where injection could take place. Try to exploit it, bypass authentication and gain access.

Module 3 - Security Misconfiguration and Sensitive Data Exposure

Complete the Google XSS game. Next, apply your skills to your own resources (or DVL) and check them. Check them for IDOR and try bypassing it.
Apply everything described in this module to your environment (or DVL) and check it. Try to re-configure anything that is wrong there. If you can't, or run into any problems, ask questions in the forum and we will solve them.


Module 4 - Missing Function Level Access Control and Cross Site Request Forgery (CSRF)

Find and exploit the critical vulnerability in the provided example application. It is definitely there. If you have any questions, ask them on the forum or in private messages.

Module 5 - Using Components with Known Vulnerabilities and Unvalidated Redirects and Forwards

Identify the vulnerable components in the given example application. Can you exploit this vulnerability?

Your instructor: Vladimir Korennoy

Head of Development of Information Security Systems at PentestIT.

Currently develops the brand new SIEM system DataSafety.

DataSafety will bring a new level of automation and provide easy integration with all popular security tools.


Contact
Questions? Reach out to us at [email protected]

Course Reviews

3.8 (4 ratings)
  • 5 stars: 2
  • 4 stars: 0
  • 3 stars: 1
  • 2 stars: 1
  • 1 star: 0
  1. great (5 stars)
     Great training.

  2. Module 3 and 4 are identical (2 stars)
     Module 3 is identical to Module 4; everything is the same ;-)

  3. Good introduction (3 stars)
     Hope for more examples.

  4. Easy to understand (5 stars)
     Very informative!

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023