Source Incite's Full Stack Web Attack

Full Stack Web Attack is not an entry-level course. It’s designed to push you beyond what you thought was possible and set you on the path to develop your own workflow for offensive zero-day Web research. Many Web application testers and bounty hunters are focused on attacking Web applications via a blackbox approach. However, given today’s Web technology landscape, code is getting more abstracted, frameworks are being added and complexity is on the rise and as such, so are the vulnerabilities. Old techniques are being replaced with new Web attack research which is limited to a handful of world renowned experts.

To tackle this, security experts need to take a white box approach. Blackbox testing is no longer an effective approach, particularly if you want to find critical unauthenticated remote code execution vulnerabilities. In this course, several vulnerabilities will be revealed which would have been impossible to discover or exploit without access to the source code.

Classes are limited. Get registered!

The technology stacks of web applications today are becoming increasingly complex. In order to discover deep vulnerability patterns and exploit primitives, analysis of the underlying source code is required. This course is designed for focused pen testers, red teamers and developers that want to move beyond blackbox penetration testing to find and exploit high impact server-side vulnerabilities.

Learn the following key skills:

  • Feel comfortable reading code (looking for vulnerabilities) and writing code (developing exploits).
  • Debug complex Web applications using source code debuggers.
  • Attack complex object oriented vulnerability patterns.
  • Chain multiple vulnerabilities to achieve remote code execution.
  • Bypass authentication systems without client side vulnerabilities.
  • Leverage information disclosure for remote code execution.
NEW-2 (1)



In person


Columbia, MD (East Coast) San Francisco, CA (West Coast)


4 Days


This course is developed for web penetration testers, bug hunters and developers that want to make a switch to server-side web security research or see how serious adversaries will attack their web based code.


A laptop with: A 64bit Host operating system 16 Gb RAM minimum VMWare Workstation/Fusion 100 GB Hard disk free minimum Wired and Wireless network support USB 3.0 support


Students must have the following knowledge and skills:

  • Know how to use Burp Suite
  • Possess a basic understanding of common Web attacks
  • Possess a basic understanding of various Web technologies such as HTTP(S), proxies and browsers
  • At least moderate scripting skills using common languages such as Bash, Python, Ruby, PHP and JavaScript.

Why choose the Center for Cyber Security Training

Interactive, classroom-based learning

Subject matter experts

Trusted by US government agencies

It was very inspiring to see your strategy, way of thinking and searching through code. That is even more valuable than the vulnerabilities themselves. It was possibly one of the most challenging trainings, I took, in a good way.

- Anonymous

Want more information?

Download the Full Stack Web Attacks course outline now.

Upcoming Training Sessions

San Francisco, CA. - December 1-4, 2020

Classes are limited.

Enroll Now.

Related Courses

Our classroom delivers the most in-demand content from the highest profile subject matter experts. Intense and interactive, our courses prepare students with actionable insight and proven strategies.


Corelan ® Exploit Development: Bootcamp and Advanced

Our four-day Bootcamp will teach both basic & advanced techniques from a leading exploit developer. Learn how to write reliable exploits for the Win32 platform, starting with the basics of stack buffer overflows and exploit writing.

NEW-1 (1)

Black Belt Pentesting / Bug Hunting Millionaire

Modern Web applications are complex and it’s all about full-stack these days. That’s why you need to dive into full-stack exploitation if you want to master Web attacks and maximize your payouts. Say ‘No’ to classical Web application hacking. Join this unique hands-on training and become a full-stack exploitation master.

Looking for a course that's not here? We'd love to hear your suggestions!

Are you fully prepared to deal with today's increasing cyber security risks? We can help you get the training you need.


*We respect your privacy