Master the skills of advanced server-side attacks, covering SSRF, File Inclusions, Deserialization, Race Conditions, and Prototype Pollution.

This module will focus on advanced server-side attack techniques an attacker uses to compromise a web app. We will learn to detect and mitigate SSRF vulnerabilities, followed by threats posed by prototype pollution and how attackers can exploit them. We will cover a range of topics, including file inclusion vulnerabilities through PHP wrappers, session files, and log poisoning. We will also learn about particular attack vectors like race conditions where simultaneous access to shared resources can lead to unpredictable behaviour. Finally, we will understand attack techniques during the deserialisation process that may allow attackers to execute malicious code on servers. Upon completing the module, you will have the skills to understand advanced server-side attack techniques attackers utilise to weaken web app security. All the rooms are equipped with realistic scenarios and real-world application examples that provide practical insights into the exploitation and mitigation of server-side vulnerabilities.

Insecure Deserialisation

Get in-depth knowledge of the deserialisation process and how it poses a vulnerability in a web app.

SSRF

Discover the inner workings of SSRF and explore multiple exploitation techniques.

File Inclusion, Path Traversal

Exploit File Inclusion and Path Traversal vulnerabilities.

Race Conditions

Learn about race conditions and how they affect web application security.

Prototype Pollution

Explore the concept of prototype pollution and its implications during pentesting.

Include

Use your server exploitation skills to take control of a web app.

Topic Rewind Recap

Lock in what you learned with a recap. Earn points and keep your streak.

Need to know

Web Hacking Fundamentals

Understand the core security issues with web applications, and learn how to exploit them using industry tools and techniques.

Next steps

Advanced Client-Side Attacks

Through real-world scenarios, you will gain a detailed understanding of client-side attacks, including XSS, CSRF, DOM-based vectors, SOP, and CORS vulnerabilities.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).

Hierarchical diagram showing how learning pathways contain modules, which contain individual rooms.

Advanced Server-Side Attacks