Skip to main content

Ben Sadeghipour - An Adversarial Approach To Web Application Hacking €3,800 $4,200


DEFCON Training:

An Adversarial Approach To Web Application Hacking


An Adversarial Approach To Web Application Hacking is a complete web hacking course to not only help students learn the basics of web application hacking, but to also allow them to develop their own methodology. 

Throughout this course, we will provide you labs based on real world vulnerabilities discovered by us in organizations such as Airbnb, Apple, Amazon, Snapchat, Yahoo and more.  In this course not only we’ll show you how to exploit vulnerabilities, but we will also show you techniques to exfiltrate data, escarole access, as well as show impact of each vulnerability type.

Here are some free examples of some of the content you may learn from this training:

Blind XSS Walkthrough -
I hacked a prison:
I hacked a casino:

Course Material:

After completing this training you will be familiar with:

Basics of Web Application Hacking
Burp Suite Basics 
Open Redirect
Cross Site Scripting (Blind, Stored, Reflected)
Cross Site Request forgery (CSRF)
Local file Read & Path Traversal
SQL Injection
Server-Side Request Forgery (SSRF)
Insecure Direct Object Reference (IDOR)
Privilege Escalation
Testing for file uploads
XML external entity (XXE)
Remote Command / Code Execution
Weak or default credentials
API Hacking
Asset Discovery
Content Discovery 
Creating and maintaining word lists
Information gathering
Google Dorking
Looking for leaked credentials 
Advanced Shodan Techniques 
Technologies with Known Exploits

Technical difficulty:
Beginner to intermediate

Suggested Prerequisites:
While this training will offer and cover the foundations of web application hacking, it is highly suggested that students have a solid foundation in web application technologies and in web development.

HTTP Basics:

How to set up burp suite:

Understanding DNS:


DATE: November 11th-14th 2024
TIME: 8am to 5pm
VENUE: Holiday Inn Express, Canal De La Villette, Paris
TRAINER: Ben Sadeghipour
- 32 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included

-VAT included in the price

Payment via wire is accepted.

Wire Instructions:

Bank Name:  Wells Fargo Bank
Bank Address:  420 Montgomery San Francisco, CA 94104
Account Name: Def Con Communications Inc
Routing number: 121000248
Account number: 2019560081

You'll receive confirmation within 1 business day.

Registration terms and conditions:

Trainings are refundable before September 15th, the processing fee is €230.

Trainings are non-refundable after October 1st, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.