Hi, welcome to our advanced web hacking and security course.
In this course, we will teach you how advanced client-based, server-based and application-based web attacks are performed in a simulated/test environment in an ethical way. This course helps the web security professional to mitigate these attacks using the recommended solution at the end of each module.
You will be encouraged to practice what you have learned in a simulated environment via our practice "Audio Visual Exercise" session.
We have designed this course to enable those aspiring to enter the information security field to learn core concepts on advanced web hacking in order to safeguard a web infrastructure. By the end of this course, you will be familiar with how various types of advanced web hacks are performed and you will be fully equipped to test and safeguard a web infrastructure against various real-time attack vectors.
This course has been specifically designed by a team of information security researchers who are acknowledged experts in their field.
This course has been designed to accelerate your learning process through the use of creative animations and easy-to-understand voice-over narratives. Complex hacking concepts have been broken down into easy-to-understand modules.
Together, our team will walk you through the entire learning process step by step.
This course is perfect for existing web designers as well as anybody who is passionate about developing their skills in the field of internet security. No prior training is required to take this course, as we will start with the basics; however, completing our "web hacking and security" course will be an added advantage. We welcome anyone with a thirst for learning.
We look forward to having you join us. In the meantime, please feel free to take a look at our demo tutorial and exercise before you purchase the full course.
Have you ever wondered what happens behind the scenes when you type "www.google.com" into your browser? Find out here.
An introductory look at the list of attack vectors being discussed in the course.
An insight into the tools that are used to perform the attacks, such as Burp Suite, Cookie Manager, etc., along with a tutorial on how to set up a simulated environment using DVWA and WebGoat.
The method of sending fraudulent emails, probing people to disclose sensitive data such as user credentials, financial information etc., is called Phishing. This lecture explains how this can be done via the Full Screen API technique.
A step-by-step approach on how to perform Phishing via Full Screen API.
Obtaining a valid session cookie value of a victim and exploiting it to gain access to the victim's session is called Session Hijacking. This module walks you through how this can be done.
A step-by-step approach on how to perform Session Hijacking.
Testing and exploiting web application and browser-based vulnerabilities is known as Browser Extension Exploitation. This lecture explains how browser vulnerabilities can be exploited.
A step-by-step approach on how to perform Browser Extension Exploitation.
Inserting a Trojan that would act as a proxy between the victim's browser and its associated server, to intercept the communication for stealing or modifying transactions, is called a "man-in-the-browser" or MITB attack.
The act of inserting a Trojan that would act as a proxy between the victim's browser and its associated server, to intercept the communication for stealing or modifying transactions, is called a man-in-the-browser attack.
When a misconfigured server is exploited to traverse above the web root folder, gaining access to the files on the server, it is called Directory Traversal.
A step-by-step approach for practicing a Directory Traversal attack.
A step-by-step approach for practicing File Inclusion Attacks.
File Inclusion is the act of uploading and executing any file using the dynamic file-inclusion mechanisms that exist in a web application, which can be done either locally as an LFI (Local File Inclusion) or remotely as an RFI (Remote File Inclusion).
The act of inserting data into a buffer so that it exceeds its boundary is called Buffer Overflow.
A step-by-step approach for practicing Buffer Overflow Attack.
Learn the basics of SQL, which allows you to get a glimpse of how a query is constructed using the logical operators available.
When an invalid SQL query is given as user input, the database server throws an error message corresponding to the invalid query; using this, the entire structure of the database can be enumerated. This is called Error Based SQL Injection.
A session for practicing Error Based SQL Injection.
When a logical SQL query, the result of which is based on either true or false replies, is injected to extract confidential data, it is called a Boolean-Based SQL Injection.
A session for practicing Boolean-Based SQL Injection.
When a web application is sanitised in such a way that a Boolean Injection is not possible, the results of the logical SQL query can be determined by a time delay. This is called Time-Based SQL Injection.
A session for practicing Time Based SQL Injection.
Injecting XML nodes by intercepting the requests and responses to and from the server on an XML database is called XML Injection.
A session for practicing XML Injection.
Injecting a malformed XPath query for bypassing authentication and accessing restricted information is called XPath Injection.
A session for practicing XML Injection.
I head academia and industry relations at infySEC. I am also the director at infySEC. Since the late 90's, I have always been passionate about computers, especially games, which eventually got me interested in learning how computers work: applications, debugging, disassembling, compiling, etc. With time, the same interest moved towards networking, like how packets communicate, how data gets transferred, and bandwidth. Then I got a little into wireless, and eventually, looking back, it proved to me that I was nowhere but in a lovely, apt domain called 'Security'. I feel I have been travelling on a very interesting path from where I started. I would certainly urge every one of us to try it and experience it; it's not just the knowledge, it's fun, and yes, for me, I have miles to go myself.
After 14 years I have turned to focus my efforts on training how attackers hack systems and also started to help them understand how to secure ourselves against such attacks. I decided to teach all that I have learnt over the period of 15 years in the form of a few videos, which effectively means I teach all of those 15 years to you in a week... My instruction is very actionable, with live demos and hands-on work. I also share lab exercises which will enable you not just to read but to implement what you have learnt. I want students to take the knowledge they gain and start using it to make money or do what they choose to do with it (of course, only ethical ones).
In 2013, I, along with my team at infySEC, struck the World Record for conducting the largest and longest ethical hacking marathon, with over 9000+ participants assembled in one location. Check us out on YouTube for reference.
My expectations about IT companies soon after my graduation were shattered :D. After all, they say you are what your company is. My fellow colleagues and teammates were working for money; I was desperate and searching for some like-minded people in computers. But again, it's been 5 years that I have been working for multinational companies, and now I have gone into full-time freelancing. After all, there is no one to question your time restrictions of work, domain of work, etc. You are master of your fate, and captain of your soul... Live the life you have imagined :D
You will find my teaching style is well liked by my students and they are always looking for new and exciting courses from me.
Harry The Boss - Rating: 5 out of 5
I highly recommend infysec to everyone. I joined the training with absolutely no prior experience in ethical hacking... When I attended a training... It was a revelation... The fluidity and crisp and clear understanding of the trainer was showing... No jargons. In fact, he made a very complex phenomenon very simple to comprehend. I gained much more than expectations... The trainer was a master in his subject knowledge... With answers to any questions shooting at him...
Stacie Stalcup - Rating: 5 out of 5
I enjoy the animation. No matter what computer course Infysec offers, I will most likely take it because of how the subject matter is taught and presented. We aren't forced to look at someone reading powerpoints or watching someone talking into the camera which makes me sleepy and becomes boring. There is no dull PowerPoint here; Instead, InfySEC animates the techniques and after the lessons provide step by step exercises. I wish all Udemy classes were taught this way.
Dominik Koszkul - Rating: 5 out of 5
This course quickly shows what the dangers on the web are. Great for beginners to realize how to write web applications and secure the servers against attackers.
Raymundo Torres - Rating: 5 out of 5
This instruction video was great. Just stuck to the material and explained it thoroughly with visual images and examples. This video inspired me to start a small training program for my fellow colleagues. Thanks!
Diana Carolina Gómez - Rating: 5 out of 5
Because the explanations have simple examples and close to reality. This helps to recognize and understand the content of the course easier.
Miteshkumar Joshi - Rating: 5 out of 5
Having some knowledge of HTTP, this course is suitable for me and clearly defines some areas where I was finding it difficult.
Come, let's together make the world a secure place to live in!