Beyond the Web Application Hacker's Handbook
This course is designed for readers of the Web Application Hacker's Handbook who have performed 20+ web application tests and have reached a plateau of skills and knowledge.
- TL;DR - How to use this lab
  - Register the same username for chat. If your instructor has given you a chat server to use during the course, register there with the same username you use here.
  - Unlock process. The exercises in this course are ordered in increasing levels of difficulty. Your instructor will give you codes to unlock each lab at the time you need it. Solving certain or all challenges may unlock bonus labs to keep you busy :-)
  - Answers. There are occasional hints for each exercise. The hint with the highest point score is generally the actual answer - when you need it, it's there! Exercises will also be demoed where needed.
  - Help. If you were given a chat server to use, this is how you get help! This is fully interactive: feel free to PM the instructor, send screenshots, or ask for hints, syntax, troubleshooting, etc.
- Content. The content here will give you insight into:
  - Uncovering subtle flaws in applications
  - Expanding your armory of tools and techniques
  - Writing custom code (Burp extensions)
  - Practicing key vulnerabilities
- Prerequisite Knowledge. It is assumed that you have a working knowledge of:
  - Burp Proxy, Intruder, Repeater, Scanner
  - At least one programming language (e.g. Python)
  - HTML
  - Basic understanding of SSL
  - HTTP
  - JavaScript
  - The OWASP Top 10
  - XSS, SQLi, Traversal
Sound good? Head over to the labs...