I was able to learn about web hacking in more detail, and it was a time that helped me become more interested in studying information security~!!
Why It's Worth Your Time
Today, the web is one of the most essential technologies in our lives. We rely on it for searching information, gaming, shopping, navigation, collaboration, and more. As web services have become more diverse and integral to daily life, ensuring their security has become a critical challenge. If all web services were to go down even for a day, the impact would be unimaginable. This Path is designed to provide the essential knowledge and skills needed to understand web hacking fundamentals and build safer web services. It aims to help beginners — especially those who visit Dreamhack out of curiosity about hacking — enter the world of web security easily.
Topics Covered
- Basic concepts of the web, including HTTP/HTTPS and browser structures
- Step-by-step learning from basic to advanced web hacking
- Client-side vulnerabilities such as XSS and CSRF
- Server-side vulnerabilities such as SQL Injection, NoSQL Injection, and SSRF
- Practical attack scenarios like command injection and file upload/download vulnerabilities
- Hands-on experience solving wargame challenges
Recommended For
- Those aiming to become white-hat hackers, bug bounty hunters, security consultants, or researchers
- Those who want a structured journey from basic to advanced web hacking
Prerequisite Knowledge
- Basic computer skills
- Basic understanding of networking
- Basic knowledge of HTML and JavaScript
- Familiarity with Python syntax and the Flask framework
- 1
  - Web Basics
    - Background: Web
    - Background: HTTP/HTTPS
    - Lab: HTTP Request & Response
    - Quiz: Web
    - Quiz: HTTP/HTTPS
  - Web Browser
    - Background: Web Browser
    - Tools: Browser DevTools
    - Quiz: Web Browser
    - Quiz: Browser DevTools
  - [Exercise] devtools-sources
    - Exercise: devtools-sources
    - devtools-sources
- 2
  - Cookie & Session
    - Background: Cookie & Session
    - Lab: Cookie & Session
    - Quiz: Cookie & Session
  - [Exercise] Cookie
    - Exercise: Cookie
    - cookie
  - [Exercise] Cookie & Session
    - Exercise: Cookie & Session
    - session-basic
  - Same-Origin Policy (SOP)
    - Mitigation: Same Origin Policy
    - Lab: Same Origin Policy
    - Quiz: Same Origin Policy
- 3
- 4
- 5 (200 Coin): Understand SQL Injection and Blind SQL Injection, and their countermeasures through hands-on exercises.
  - SQL Injection
    - Background: Relational DBMS
    - ServerSide: SQL Injection
    - Lab: SQL Injection
    - Quiz: SQL Injection
  - SQL DML
    - Background: SQL DML
    - Lab: SQL DML
    - Quiz: SQL DML
  - SQL Features
    - Background: SQL Features
    - Lab: Subquery-based SQL Injection
    - Lab: Blind SQL Injection
    - Lab: Union-based SQL Injection
    - Quiz: SQL Features
  - [Exercise] SQL Injection
    - Exercise: SQL Injection
    - Exercise: Blind SQL Injection
    - simple_sqli
- 6 (100 Coin): Learn the fundamentals of NoSQL databases and exercise NoSQL Injection attacks and defenses using MongoDB.
  - NoSQL Injection
    - Background: Non-Relational DBMS
    - ServerSide: NoSQL Injection
    - Lab: NoSQL Injection
    - Quiz: NoSQL Injection
  - [Exercise] NoSQL Injection
    - Exercise: NoSQL Injection
    - Mango
- 7 (100 Coin): Understand and learn Command Injection techniques and the input characteristics that cause them.
  - Command Injection - Web Servers
    - ServerSide: Command Injection
    - Lab: Command Injection
    - Quiz: Command Injection
  - [Exercise] Command Injection
    - Exercise: Command Injection
    - command-injection-1
- 8 (100 Coin): Explore potential security vulnerabilities in file upload and download functionalities of web servers.
  - File Vulnerability
    - ServerSide: File Vulnerability
    - Lab: File Vulnerability
    - Quiz: File Vulnerability
  - [Exercise] File Vulnerability
    - Exercise: File Vulnerability
    - image-storage
  - [Exercise] File Vulnerability-2
    - Exercise: File Vulnerability-2
    - file-download-1
- 9
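It's a course where you naturally pick up the basic knowledge, concepts, and principles. I think it would be good to go through it about twice!
I had no idea how to get started in security, but the paths and units are organized systematically, so it was a good place to start.
I'm a lower-year computer science student. I haven't settled on a career path yet, so I've been sampling various fields, and I get the feeling that information about the security field is scattered all over the place compared with other fields. While I was mulling this over, someone working in information security recommended Dreamhack on Everytime, so I gave it a try. I did buy the 1-year Starter plan, but I was going to get a refund if I really didn't like it. But seeing that it explains things in far more detail than I expected, I started to feel interested in the information security field. While doing web hacking, it was fun to practice and observe the things I had only learned in theory (my school teaches the class with the book Computer Networking: A Top-Down Approach). Personally, solving the problems is fun too. If you like solving problems on algorithm sites like Baekjoon or Codeforces, I recommend it.
The basic web knowledge and the information needed to solve the problems are organized into a single PATH, so I was able to learn systematically and easily.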


