About This Course
- Learn advanced web application attacks and exploits, from advanced SSRF, persistent XSS, and blind SQLi to .NET deserialization, source code analysis, session hijacking, fuzzing, and authentication bypass
- Become a certified OffSec Web Expert (OSWE)
Course Syllabus
Bypass filters, access internal resources, and exploit complex application architectures through SSRF vulnerabilities
Analyze source code and parse application logic to identify potential attack vectors and security vulnerabilities
See how attackers store malicious code on web servers to launch persistent XSS attacks on multiple users over time
Identify the ways attackers can exploit vulnerabilities caused by deserialization in .NET applications
Explore the techniques attackers use to execute system-compromising code on targeted web servers
Use different techniques to exploit SQL injection vulnerabilities to compromise databases without direct application feedback
Understand how attackers use SQL injection, XXE attacks, and compromised file uploads to extract sensitive data from web applications
Understand how attackers can bypass security mechanisms designed to prevent malicious files from being uploaded
Learn how to exploit type juggling and loose comparison behaviors in PHP to bypass authentication and perform malicious actions
Learn how attackers can access private data, execute commands, and establish persistent backdoors by leveraging PostgreSQL extensions and user-defined functions
Evade regex-based input validations to inject malicious payloads into web applications
Bypass authentication mechanisms and perform unauthorized actions by exploiting “magic hashes” in PHP applications
Explore the techniques attackers use to bypass character restrictions in web applications in order to inject malicious payloads and manipulate application behavior
Learn how attackers can leverage user-defined functions to create reverse shells in order to access underlying operating systems
Learn how attackers store/execute malicious code and exfiltrate sensitive data by abusing large objects in PostgreSQL databases
Learn how the browser’s Document Object Model (DOM) can be manipulated to execute malicious JavaScript code in web applications without direct server-side interaction
Identify and exploit vulnerabilities in server-side templates in order to execute remote code, disclose information, or escalate privileges
Understand the risks associated with poorly implemented random token generation in web applications and how attackers can exploit them or compromise user sessions
Discover the ways attackers can exploit XML parser weaknesses to access files, execute commands, or perform DDoS attacks, and how to prevent XXE vulnerabilities in your web applications
Learn how vulnerabilities in database functions can be exploited to execute arbitrary code on the server to compromise your web applications
Identify and mitigate WebSocket vulnerabilities that can be used to inject operating system commands to gain control of underlying servers
Course Packages
Self Paced Learning - 90 Days Access
Self Paced Learning - 365 Days Access
All You Need to Know
The WEB-300 course is ideal for:
- Experienced penetration testers and security professionals seeking to master advanced web application attacks and exploitation techniques
While there are no formal certification prerequisites, it’s strongly recommended that you have:
- Comfort reading and writing at least one coding language
- Familiarity with Linux
- Ability to write simple Python / Perl / PHP / Bash scripts
- Experience with web proxies
- General understanding of web attack vectors, theory, and practice
Why Choose Profice?
Official Partner
Authorized Training Partner delivering official certified curriculum
Expert Instructors
Certified professionals with 10+ years of real-world experience
Hands-on Labs
Real-world projects and 24/7 lab environment access
95% Pass Rate
Industry-leading certification exam success rate
Lifetime Support
Ongoing mentorship and community access after course completion
Job Assistance
Dedicated placement support with 500+ hiring partners
Profice is an official training partner delivering globally recognized certifications.