What I think of the Practical Web Hacking course from TCM Security with Alex Olsen

Web security is an ever-evolving field, requiring continuous learning and adaptation. TCM’s course “Practical Web Hacking,” led by the exceptional instructor Alex Olsen, is designed to equip cybersecurity enthusiasts and professionals with hands-on knowledge and skills to tackle real-world web security challenges. This blog post delves into what this course offers, who should consider enrolling, and the detailed agenda that spans ten intensive hours of learning.

Practical Web Hacking

The “Practical Web Hacking” course by Alex Olsen is tailored to provide a deep dive into the essentials and advanced aspects of web application security. It combines theoretical knowledge with practical exercises, ensuring that learners can apply what they’ve learned in real-world scenarios. Alex Olsen’s expertise and engaging teaching style make this course both informative and enjoyable.

Who Should Take This Course?

This course is ideal for:

  • Aspiring Ethical Hackers: Individuals new to web security who want to build a solid foundation.
  • Security Professionals: Those looking to expand their expertise and stay updated with the latest web hacking techniques.
  • Developers: Software developers who want to understand how to secure their applications against various web attacks.
  • Students and Hobbyists: Anyone interested in learning about web security and ethical hacking.

What is in the Course?

The course is structured into multiple modules, each focusing on different aspects of web hacking. Here’s a breakdown of the agenda:

The Agenda (10 hours)

Introduction

  • Welcome To The Course (4:08)
  • Lab Setup (8:57)
  • Course Support (1:20)
  • Web Application Components (11:12)
  • HTTP (14:23)

Authentication

  • Introduction to Authentication (17:24)
  • Brute-Force Attacks (17:32)
  • Challenge Walkthrough (6:35)
  • Response Timings (6:14)
  • Challenge Walkthrough (9:03)
  • Session Tokens and Sequencer (13:40)
  • Multi-Factor Authentication (5:01)
  • Challenge Walkthrough (6:02)

Access Control

  • Introduction to Access Control (7:40)
  • IDOR (Insecure Direct Object Reference) (9:29)
  • Challenge Walkthrough (5:33)
  • Attacking Weak Access Controls (7:51)
  • Challenge Walkthrough (7:06)

SSRF (Server-Side Request Forgery)

  • Introduction to SSRF (9:54)
  • Challenge Walkthrough (feat. Turbo Intruder) (6:44)
  • Blind SSRF (7:10)
  • Challenge Walkthrough (9:47)

SQL Injection

  • Introduction to SQL Injection (19:00)
  • Blind SQL Injection (56:16)
  • Challenge Walkthrough (7:29)
  • NoSQL Injection (15:12)

File Inclusion

  • Introduction to File Inclusion (17:16)
  • File Inclusion Payloads (3:17)
  • Challenge Walkthrough (2:53)
  • Bypassing Filters (3:59)
  • File Inclusion to RCE (2:33)
  • Challenge Walkthrough (2:30)
  • File Inclusion Prevention (1:22)

XXE (XML External Entity Injection)

  • Introduction to XXE (10:27)
  • Common XXE Attacks (2:07)
  • Challenge Walkthrough (4:50)
  • XXE via XInclude (4:02)
  • Challenge Walkthrough (2:54)

XSS / JavaScript Injection

  • Introduction to XSS (25:26)
  • DOM Invader (10:30)
  • Challenge Walkthrough (3:34)
  • Going Beyond alert(1) (9:51)
  • Filter and WAF Evasion Techniques (10:37)

JWTs (JSON Web Tokens)

  • Introduction to JWTs (5:50)
  • JWT Signature Attacks (6:44)
  • Challenge Walkthrough (4:04)
  • JWT_Tool (6:00)
  • Header Injection (7:05)

Mass Assignment

  • Mass Assignment (8:51)

WebSockets

  • Introduction to WebSockets (8:21)
  • WebSocket Hijacking (8:52)

Open Redirects

  • Open Redirects (7:05)

Race Conditions

  • Introduction to Race Conditions (6:47)
  • Single Endpoint Race Conditions (8:39)
  • Multi-Endpoint Race Conditions (1:53)
  • Challenge Walkthrough (4:19)

Capstone Challenge

  • Launching the Capstone (5:22)
  • Capstone Walkthrough (41:48)
  • Thank you & see you next time! (0:46)

Conclusion

The “Practical Web Hacking” course by Alex Olsen is an excellent resource for anyone looking to deepen their understanding of web security. With a comprehensive curriculum that covers a wide range of topics, from basic web application components to advanced attack vectors and mitigation techniques, this course provides valuable insights and hands-on experience. Alex Olsen’s expertise and engaging teaching style significantly enhance the learning experience, making complex concepts accessible and interesting.

Whether you’re a beginner or an experienced professional, this course can help you enhance your skills and stay ahead in the field of web security. Enroll today and take the first step towards becoming a proficient web security expert!
