Day 1
Information gathering, profiling and cross-site scripting
- Understand the HTTP protocol
- Identify the attack surface
- Username enumeration
- Information disclosure
- Issues with SSL / TLS
- Cross-site scripting
Day 2
Injection, flaws, files and hacks
- SQL injection
- XXE attacks
- OS code injection
- Local / remote file inclusion
- Cryptographic weakness
- Business logic flaws
- Insecure file uploads