An advanced web application security review course. Will teach the skills needed to
conduct white box web app penetration tests.
After completing this course, Analyst will be able to understand:
- Tools & Methodologies
- ATutor Authentication Bypass and RCE
- ATutor LMS Type Juggling Vulnerability
- ManageEngine Applications Manager AMUserResourcesSyncServlet SQL
Injection RCE - Bassmaster NodeJS Arbitrary JavaScript Injection Vulnerability
- DotNetNuke Cookie Deserialization RCE
- ERPNext Authentication Bypass and Server Side Template Injection
- openCRX Authentication Bypass and Remote Code Execution
- openITCOCKPIT XSS and OS Command Injection – Blackbox
- Concord Authentication Bypass to RCE
- Server-Side Request Forgery
- Guacamole Lite Prototype Pollution
- Conclusion
- Atmail Mail Server Appliance: from XSS to RCE archived.