Web Hacking
10.0
(3)
Tier 1 Easy Skill Path Web Hacking
This path is designed for you to systematically learn web hacking from fundamentals to advanced topics. You'll study vulnerabilities and attack techniques on both the client and server sides through lectures and hands-on labs. You’ll also solve wargame challenges to simulate real-world environments. Completing the path will prepare you for roles such as white-hat hacker, bug bounty hunter, security consultant, or security researcher.
Retail price: 650 coins (free when you subscribe)
Contents: 30 lectures, 13 wargames, 15 quizzes
You can access locked objectives by upgrading your plan or purchasing the units separately.

Why It's Worth Your Time

Today, the web is one of the most essential technologies in our lives. We rely on it for searching information, gaming, shopping, navigation, collaboration, and more. As web services have become more diverse and integral to daily life, ensuring their security has become a critical challenge. If all web services were to go down even for a day, the impact would be unimaginable. This path is designed to provide the essential knowledge and skills needed to understand web hacking fundamentals and build safer web services. It aims to help beginners — especially those who visit Dreamhack out of curiosity about hacking — enter the world of web security easily.

Topics Covered

  • Basic concepts of the web, including HTTP/HTTPS and browser structures
  • Step-by-step learning from basic to advanced web hacking
  • Client-side vulnerabilities such as XSS and CSRF
  • Server-side vulnerabilities such as SQL Injection, NoSQL Injection, and SSRF
  • Practical attack scenarios like command injection and file upload/download vulnerabilities
  • Hands-on experience solving wargame challenges

Recommended For

  • Those aiming to become white-hat hackers, bug bounty hunters, security consultants, or researchers
  • Those who want a structured journey from basic to advanced web hacking

Prerequisite Knowledge

  • Basic computer skills
  • Basic understanding of networking
  • Basic knowledge of HTML and JavaScript
  • Familiarity with Python syntax and the Flask framework
Unit Composition
Total 9 units
  1. 1
    10.0
    (4)
    Free
    Explore the evolution of web communication, protocols, and browser functionalities.
    Web Basics
    Background: Web
    Background: HTTP/HTTPS
    Lab: HTTP Request & Response
    Pro
    Quiz: Web
    Quiz: HTTP/HTTPS
    Web Browser
    Background: Web Browser
    Tools: Browser DevTools
    Quiz: Web Browser
    Quiz: Browser DevTools
    [Self-practice] devtools-sources
    devtools-sources
  2. 2
    9.6
    (16)
    Free
    Understand key web security concepts like cookies, sessions, and Same-Origin Policy (CORS), while analyzing and improving vulnerabilities in Flask web applications.
    Cookie & Session
    Background: Cookie & Session
    Lab: Cookie & Session
    Pro
    Quiz: Cookie & Session
    [Exercise] Cookie
    Exercise: Cookie
    cookie
    [Exercise] Cookie & Session
    Exercise: Cookie & Session
    session-basic
    Same-Origin Policy (SOP)
    Mitigation: Same Origin Policy
    Lab: Same Origin Policy
    Pro
    Quiz: Same Origin Policy
  3. 3
    10.0
    (3)
    Free
    Learn various types and techniques of XSS attacks, understand client-side vulnerabilities through cookie theft and page tampering cases, and explore defense techniques to prevent them.
    Cross-Site Scripting (XSS)
    ClientSide: XSS
    Lab: Basic XSS
    Pro
    Quiz: XSS
    [Exercise] XSS
    Exercise: XSS
    xss-1
    [Exercise] XSS-2
    Exercise: XSS-2
    xss-2
  4. 4
    10.0
    (1)
    100
    Coin
    Free with subscription
    Understand how CSRF attacks work and how they differ from XSS, and learn to exploit and defend against CSRF vulnerabilities through hands-on exercises.
    Cross-Site Request Forgery (CSRF)
    ClientSide: CSRF
    Lab: CSRF
    Pro
    Quiz: CSRF
    [Exercise] CSRF
    Exercise: CSRF
    csrf-1
    [Exercise] CSRF-2
    Exercise: CSRF-2
    csrf-2
  5. 5
    10.0
    (1)
    200
    Coin
    Free with subscription
    Understand SQL Injection and Blind SQL Injection techniques, and learn about database security threats and countermeasures through hands-on exercises.
    SQL Injection
    Background: Relational DBMS
    ServerSide: SQL Injection
    Lab: SQL Injection
    Pro
    Quiz: SQL Injection
    SQL DML
    Background: SQL DML
    Lab: SQL DML
    Pro
    Quiz: SQL DML
    SQL Features
    Background: SQL Features
    Lab: Subquery-based SQL Injection
    Pro
    Lab: Blind SQL Injection
    Pro
    Lab: Union-based SQL Injection
    Pro
    Quiz: SQL Features
    [Exercise] SQL Injection
    Exercise: SQL Injection
    Exercise: Blind SQL Injection
    simple_sqli
  6. 6
    0.0
    (0)
    100
    Coin
    Free with subscription
    Learn the fundamentals of NoSQL databases and practice NoSQL Injection attacks and defenses using MongoDB.
    NoSQL Injection
    Background: Non-Relational DBMS
    ServerSide: NoSQL Injection
    Lab: NoSQL Injection
    Pro
    Quiz: NoSQL Injection
    [Exercise] NoSQL Injection
    Exercise: NoSQL Injection
    Mango
  7. 7
    0.0
    (0)
    100
    Coin
    Free with subscription
    Learn Command Injection techniques and understand the input characteristics that make them possible.
    Command Injection - Web Servers
    ServerSide: Command Injection
    Lab: Command Injection
    Pro
    Quiz: Command Injection
    [Exercise] Command Injection
    Exercise: Command Injection
    command-injection-1
  8. 8
    10.0
    (1)
    100
    Coin
    Free with subscription
    Learn security vulnerabilities in file upload and download features, and practice web shell and path traversal attack techniques and countermeasures.
    File Vulnerability
    ServerSide: File Vulnerability
    Lab: File Vulnerability
    Pro
    Quiz: File Vulnerability
    [Exercise] File Vulnerability
    Exercise: File Vulnerability
    image-storage
    [Exercise] File Vulnerability-2
    Exercise: File Vulnerability-2
    file-download-1
  9. 9
    10.0
    (1)
    50
    Coin
    Free with subscription
    Explore SSRF vulnerabilities in web development and learn defense strategies.
    Server-Side Request Forgery (SSRF)
    ServerSide: SSRF
    Quiz: SSRF
    [Exercise] Server-Side Request Forgery (SSRF)
    Exercise: SSRF
    web-ssrf
Reviews
10.0 (3)
2 days ago

I think web hacking is the foundation. I'm thinking I should do it before getting into reversing, but the paid plan changed and it really hurts..

2 days ago

.

10 days ago

Friendly to beginners
