Web Hacking Black Belt Edition.

About This Course

Course Code

Course Type
Premium Plus


5 Days


Course Overview


This class teaches the audience a wealth of hacking techniques to compromise modern-day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.

Attendees will also benefit from a state-of-art Hacklab during the course.

Some of the highlights of the class include:

Target Audience

Users are also encouraged to familiarize themselves with Burp Suite to gain maximum out of the class.


Course Outline

Lab Setup and architecture overview

Introduction to Burp Features

Attacking Authentication and SSO

Password Reset Attacks

Business Logic Flaws / Authorization flaws

XML External Entity (XXE) Attack

Breaking Crypto

Remote Code Execution (RCE)

SQL Injection Masterclass

Tricky File Upload

Server-Side Request Forgery (SSRF)

Attacking the Cloud

Attacking Hardened CMS

Web Caching Attacks

Miscellaneous Vulnerabilities

Attack Chaining N tier vulnerability Chaining leading to RCE

Various Case Studies



Dhruv Shah Principal Security Consultant and Trainer


Dhruv has been with NotSoSecure since 2017 and has worked on security issues with a broad range of clients, including major banking, finance and media companies. This work involves web and application penetration testing and network assessments. He is also involved in Red Team assessments appraising system and network vulnerabilities with little or no prior knowledge of them. His trainer work has involved running courses at BlackHat Chicago and researching and updating the NotSoSecure Advanced Web Hacking training course. His trainer work has involved running courses at Black Hat Chicago in 2018 and Black Hat USA 2019.


Dhruv holds a Master’s degree in IT and has seven years’ specialist experience in Information Security. He started off as a trainer sensitising staff in private sector organisations about security issues and what hackers look for when they launch attacks on networks. He then moved employers where he carried out penetration testing work in Indian government agencies and then at banking clients in the Middle East. He now has extensive penetration testing experience for Fortune 500 companies involving web and mobile applications, networks, Infra and Red Team work. In his spare time, he co-authored the book “Kali Linux Intrusion and Exploitation” and is an active member and moderator of one of the Null chapters in India.


From an early age, Dhruv was fascinated by the inner working of things, taking them apart and finding out how they really worked. This passion directly led to his work in later years in Information Security. He derives huge professional satisfaction by helping companies make their systems and networks more secure by sharing the results of his penetrating testing and providing concrete preventative solutions. By showing them how malicious hackers can exploit flaws and vulnerabilities, he knows he is enabling them to go about their everyday business in the most secure way possible. When not engaged in client work, he maintains his skills and knowledge by carrying out interesting and unusual types of penetration testing and researching new methods to break into applications and systems.

Dates & Prices

Monday 4th October 2021


Monday 4th October 2021