웹 해킹이 기초라 생각합니다. 리버싱 하기전에 해야징 하고 생각하고 있어요 근데 유료플랜 바껴서 마음이 너무 아파요..
Web Hacking
This path is designed for you to systematically learn web hacking from fundamentals to advanced topics. You'll study vulnerabilities and attack techniques on both the client and server sides through lectures and hands-on labs. You’ll also solve wargame challenges to simulate real-world environments. Completing the path will prepare you for roles such as white-hat hacker, bug bounty hunter, security consultant, or security researcher.
Web Hacking
This path is designed for you to systematically learn web hacking from fundamentals to advanced topics. You'll study vulnerabilities and attack techniques on both the client and server sides through lectures and hands-on labs. You’ll also solve wargame challenges to simulate real-world environments. Completing the path will prepare you for roles such as white-hat hacker, bug bounty hunter, security consultant, or security researcher.
Retail Price
650 coins
When you subscribe
Free
0% Completed
Total 0 completed
Lecture
0 /30
30
Wargame
0 /13
13
Quiz
0 /15
15
Why It's Worth Your Time
Today, the web is one of the most essential technologies in our lives. We rely on it for searching information, gaming, shopping, navigation, collaboration, and more. As web services have become more diverse and integral to daily life, ensuring their security has become a critical challenge. If all web services were to go down even for a day, the impact would be unimaginable. This path is designed to provide the essential knowledge and skills needed to understand web hacking fundamentals and build safer web services. It aims to help beginners — especially those who visit Dreamhack out of curiosity about hacking — enter the world of web security easily.
Topics Covered
- Basic concepts of the web, including HTTP/HTTPS and browser structures
- Step-by-step learning from basic to advanced web hacking
- Client-side vulnerabilities such as XSS and CSRF
- Server-side vulnerabilities such as SQL Injection, NoSQL Injection, and SSRF
- Practical attack scenarios like command injection and file upload/download vulnerabilities
- Hands-on experience solving wargame challenges
Recommended For
- Those aiming to become white-hat hackers, bug bounty hunters, security consultants, or researchers
- Those who want a structured journey from basic to advanced web hacking
Prerequisite Knowledge
- Basic computer skills
- Basic understanding of networking
- Basic knowledge of HTML and JavaScript
- Familiarity with Python syntax and the Flask framework
Unit Composition
- 1Web BasicsBackground: WebBackground: HTTP/HTTPSLab: HTTP Request & Response
Pro
Quiz: WebQuiz: HTTP/HTTPSWeb BrowserBackground: Web BrowserTools: Browser DevToolsQuiz: Web BrowserQuiz: Browser DevTools[Self-practice] devtools-sourcesdevtools-sources - 2FreeFreeUnderstand key web security concepts like cookies, sessions, and Same-Origin Policy (CORS), while analyzing and improving vulnerabilities in Flask web applications.Cookie & SessionBackground: Cookie & SessionLab: Cookie & Session
Pro
Quiz: Cookie & Session[Exercise] CookieExercise: Cookiecookie[Exercise] Cookie & SessionExercise: Cookie & Sessionsession-basicSame-Origin Policy (SOP)Mitigation: Same Origin PolicyLab: Same Origin Policy
Pro
Quiz: Same Origin Policy
- 3Learn various types and techniques of XSS attacks, understand client-side vulnerabilities through cookie theft and page tampering cases, and explore defense techniques to prevent them.Cross-Site Scripting (XSS)ClientSide: XSSLab: Basic XSS
Pro
Quiz: XSS[Exercise] XSSExercise: XSSxss-1[Exercise] XSS-2Exercise: XSS-2xss-2
- 4100Coin
Free with subscription
100Coin
Free with subscription
Understand how CSRF attacks work and how they differ from XSS, and learn to exploit and defend against CSRF vulnerabilities through hands-on exercise.Cross-Site Request Forgery (CSRF)ClientSide: CSRFLab: CSRF
Pro
Quiz: CSRF[Exercise] CSRFExercise: CSRFcsrf-1[Exercise] CSRF-2Exercise: CSRF-2csrf-2 - 5200Coin
Free with subscription
200Coin
Free with subscription
Understand SQL Injection and Blind SQL Injection techniques, and learn about database security threats and countermeasures through hands-on exercise.SQL InjectionBackground: Relational DBMSServerSide: SQL InjectionLab: SQL Injection
Pro
Quiz: SQL InjectionSQL DMLBackground: SQL DMLLab: SQL DML
Pro
Quiz: SQL DMLSQL FeaturesBackground: SQL FeaturesLab: Subquery-based SQL Injection
Pro
Lab: Blind SQL Injection
Pro
Lab: Union-based SQL Injection
Pro
Quiz: SQL Features[Exercise] SQL InjectionExercise: SQL InjectionExercise: Blind SQL Injectionsimple_sqli
- 6100Coin
Free with subscription
100Coin
Free with subscription
Learn the fundamentals of NoSQL databases and exercise NoSQL Injection attacks and defenses using MongoDB.NoSQL InjectionBackground: Non-Relational DBMSServerSide: NoSQL InjectionLab: NoSQL Injection
Pro
Quiz: NoSQL Injection[Exercise] NoSQL InjectionExercise: NoSQL InjectionMango
- 7100Coin
Free with subscription
100Coin
Free with subscription
Understand and learn Command Injection techniques and the input characteristics that cause them.Command Injection - Web ServersServerSide: Command InjectionLab: Command Injection
Pro
Quiz: Command Injection[Exercise] Command InjectionExercise: Command Injectioncommand-injection-1
- 8100Coin
Free with subscription
100Coin
Free with subscription
Learn security vulnerabilities in file upload and download features, and practice web shell and path traversal attack techniques and countermeasures.File VulnerabilityServerSide: File VulnerabilityLab: File Vulnerability
Pro
Quiz: File Vulnerability[Exercise] File VulnerabilityExercise: File Vulnerabilityimage-storage[Exercise] File Vulnerability-2Exercise: File Vulnerability-2file-download-1
- 9
Reviews
Retail Price
650 coins
When you subscribe
Free
0% Completed
Total 0 completed
Lecture
0 /30
30
Wargame
0 /13
13
Quiz
0 /15
15