Web application security is not only about XSS and SQL injection. Professional penetration testers and red team members must learn about full-stack attacks on modern web applications and I created this course to help you on this journey.

In this course, you will learn about 3 powerful attacks. First, I'll show you how an attacker can bypass authorization via HTTP parameter pollution. Next, I'll present how the attacker can launch a subdomain takeover attack. Finally, I'll demonstrate how the attacker can take over a user’s account via clickjacking.

** For every single attack presented in this course there is a demo ** so that you can learn step by step how these attacks work in practice. You'll also learn how to check if your web applications are vulnerable to these attacks. I hope this sounds good to you and I can’t wait to see you in the class.

Case #1: HTTP Parameter Pollution – Part 1
Case #1: HTTP Parameter Pollution – Part 2
Case #2: Subdomain Takeover – Part 1
Case #2: Subdomain Takeover – Part 2
Case #3: Account Takeover via Clickjacking – Part 1
Case #3: Account Takeover via Clickjacking – Part 2

Note: you can get paid for these bugs in bug bounty programs.

Who this course is for:

Penetration testers, red team members, ethical hackers, bug hunters, security engineers / consultants

What you'll learn

Explore related topics

Course content

Introduction1 lecture • 1min

HTTP Parameter Pollution – Part 11 lecture • 6min

HTTP Parameter Pollution – Part 21 lecture • 10min

Subdomain Takeover – Part 11 lecture • 10min

Subdomain Takeover – Part 21 lecture • 3min

Account Takeover via Clickjacking – Part 11 lecture • 24min

Account Takeover via Clickjacking – Part 21 lecture • 4min

Requirements

Description

Who this course is for: