3 Hour Course: Learn How To Hack and Defend Your Website

3 Hour Course: Learn How To Hack and Defend Your Website

Henry Dalziel | Concise Courses, Resources and Tutorials | September 3, 2013

We are delighted to launch our “Learn How To Hack & Defend A Website In Just 3 Hours” which is going to be a live, online, 180 minute interactive class.

We have been planning this course for quite some time now so we are very excited to launch the training! The emphasis on this training is to teach the individual how to better defend and protect their website from the most common cyber attacks. The course is especially suited for professionals that work in network administration, data security analysts or indeed web masters, security professionals etc. There is something in this course for everyone.

Website defense not taking seriously enough
The “it will not happen to me” phenomena will always be prevalent when it comes to website security. Somewhat understandably, especially for SME’s, the time and financial outlay to protect your online presence can be immediately prohibitive, but, there is literally nothing more important to your business: and that is, your identity! There are hundreds, if not thousands, of ways your website can be hacked and compromised. Examples include defacement, 301 or .htaccess redirects, XSS & CSRF exploits, MySQL injection, malware injection, etc etc. The list is endless. The sad reality is, however, that out of all the hacks you can have, the ‘best’ one to receive is a site defacement because at least that way the hacker has left a calling card and you have been made aware of the fact that your website has been hacked. The majority of hacks are intentionally meant to be untraced or better said, to leave no trace and to facilitate a backdoor.

Summary of our course
Benefits of our website defense course include giving our students a better understanding of what is happening behind-the-scenes in their web applications. The best way to do this is to appreciate the HTTP protocol and other underlying web technologies, something our instructor, Alejandro Caceres (founder of PunkSPIDER and PunkSCAN) will explain. The course also includes a section to understand how to better use industry standard vulnerability discovery and exploitation tools – most notably Burp Suite, which for those that don’t know is a fully featured web application testing tool. In summary, the main benefit of attending our course is to gain a basic but comprehensive knowledge of finding and exploiting the most common web security vulnerabilities – and therefore allowing you to shore up your defenses!

Overview of the course syllabus
You can get a more in-depth overview on the actual course page here but here’s a brief overview:

  • Section 1: HTTP and Basic Web Technologies (20 minutes)
  • Section 2: The Setup (5 minutes)
  • Section 3: Understanding the Application (15 minutes)
  • Section 4: Vulnerabilities (65 minutes)
  • Section 5: Exploitation (75 minutes)

The course also includes labs
Yes, we have thought of everything. In our incredibly affordable course, which we have dubbed our “Concise Courses Mini-Affordable Courses” – labs compliment – and help better educate students. Our labs include exercises that use the Burp Suite Intruder and the intercept proxy to bypass client-side controls. Labs also include using SQLMap and Burp Suite to automatically steal an entire database!

Tools that we will use in the 3 hour training include:

“Man is a tool-using animal. Without tools he is nothing, with tools he is all.” – Thomas Carlyle (Scottish philosopher)

A penetration tester, hobbyist, enthusiasts and indeed every hacker that wears every shade of hat must use hacking tools and our students are not different. We will be using DirBuster, Burp Suite, Nikto, SQLMap and the Damn Vulnerable Web App (DVWA) platform.

About your trainer: Alejandro Caceres
Alejandro Caceres lives and breathes web application security as the CTO and lead developer of Hyperion Gray LLC, a security research company. He has spoken at major security conferences, most recently at DEFCON 21 (2013) on subjects that are at the cutting edge of application security. Most notably, and of particular importance to this course, he is the founder and lead engineer of the PunkSPIDER Project. The PunkSPIDER and PunkSCAN project uses distributed computing to discover vast amounts of web vulnerabilities across the Internet.

Not only is Alejandro a professional with vast practical experience, he is also a great guy and his teaching style is relaxed, informal and straightforward. In summary, he believes that web application security should be accessible to everyone with an interest in the field – and – at an affordable price. Learn more and discover just how affordable our 3 hour course!

Update: Cool article with Alejandro here.

Leave a comment or reply below...thanks!