You will transform any company into a secure environment, free of cyber threats, thanks to this Postgraduate diploma”

IT specialists are a valuable intangible asset for today's organizations. One of the main reasons is that regular audits help to identify and address potential vulnerabilities in advance. In this way, they stay ahead of crimes that hackers may commit, while turning online environments into secure zones.

In this way, users are guaranteed to be able to safely and freely navigate their network and purchase both goods and services. However, in view of the increase in these practices, computer scientists face the challenge of constantly updating their knowledge, implementing the most revolutionary techniques to deal with them.  

In this context, TECH has developed the most complete Postgraduate diploma in Advanced Web Hacking in the academic market. Through this program, graduates will be at the forefront of cybersecurity and will have a wide range of tactics to protect restricted information. In addition, strategies for exploiting sophisticated vulnerabilities will be discussed in depth.  

The professional will also focus on implementing effective security measures, such as intrusion detection systems. Emphasis will also be placed on switching to interconnect equipment from all sections of the organization chart on the same network.

Likewise, the keys to writing technical and executive reports will be provided. In this regard, we will delve into how to expose sensitive data, focusing the report on customers. Finally, various methodologies for measuring actual operational safety will be explored. 

To consolidate the mastery of the contents, this training applies the innovative Relearning system, which promotes the assimilation of complex concepts through the natural and progressive reiteration of the same. The program is also supported by materials in various formats, such as infographics and explanatory videos. All this in a convenient 100% online modality, which allows each person to adjust his or her schedule to his or her responsibilities. 

You will crack passwords that have been stored on computers and anticipate hacker attacks”

This Postgraduate diploma in Advanced Web Hacking contains the most complete and up-to-date program on the market. The most important features include:

• The development of case studies presented by experts in Advanced Web Hacking
• The graphic, schematic and eminently practical content of the system provides complete and practical information on those disciplines that are essential for professional practice
• Practical exercises where the self-assessment process can be carried out to improve learning 
• Its special emphasis on innovative methodologies  
• Theoretical lessons, questions to the expert, debate forums on controversial topics, and individual reflection assignments 
• Content that is accessible from any fixed or portable device with an Internet connection

You will explore the OSI model and understand the communication processes in network systems. And in just 6 months!" 

The program’s teaching staff includes professionals from the field who contribute their work experience to this educational program, as well as renowned specialists from leading societies and prestigious universities.  

The multimedia content, developed with the latest educational technology, will provide the professional with situated and contextual learning, i.e., a simulated environment that will provide immersive education programmed to learn in real situations.

This program is designed around Problem-Based Learning, whereby the professional must try to solve the different professional practice situations that arise during the academic year For this purpose, the students will be assisted by an innovative interactive video system created by renowned and experienced experts.   

You will delve into DOM vulnerabilities and prevent advanced attacks with the most effective strategies"

Forget about memorizing! With the Relearning methodology you will integrate the concepts in a natural and progressive way"

This program comprises 3 complete modules: Advanced Web Hacking; Network Architecture and Security; and Technical and Executive Reporting. With the support of veteran faculty, advanced tactics for securing enterprise networks through the implementation of firewalls will be addressed. Intrusion detection, including HHTP Request Smuggling, will also be further developed. The importance of having VLANs to separate data traffic in the same online environment will also be discussed, and the reporting process will be explored in order to present accurate and detailed reports.  

You will access a learning system based on repetition, with a natural and progressive teaching throughout the entire syllabus”

Module 1. Advanced Web Hacking  

1.1. Operation of a Website  

1.1.1. The URL and Its Parts  
1.1.2. HTTP Methods  
1.1.3. The Headers 
1.1.4. How to View Web Requests with Burp Suite 

1.2. Session  

1.2.1. Cookies  
1.2.2. JWT Tokens  
1.2.3. Session Hijacking Attacks  
1.2.4. Attacks on JWT  

1.3. Cross Site Scripting (XSS)  

1.3.1. What is a XSS  
1.3.2. Types of XSS  
1.3.3. Exploiting an XSS  
1.3.4. Introduction to XSLeaks  

1.4. Database Injections  

1.4.1. What Is a SQL Injection  
1.4.2. Exfiltrating Information with SQLi  
1.4.3. SQLi Blind, Time-Based and Error-Based  
1.4.4. NoSQLi Injections  

1.5. Path Traversal and Local File Inclusion  

1.5.1. What They Are and Their Differences  
1.5.2. Common Filters and How to Bypass Them  
1.5.3. Log Poisoning  
1.5.4. LFIs in PHP  

1.6. Broken Authentication  

1.6.1. User Enumeration  
1.6.2. Password Bruteforce  
1.6.3. 2FA Bypass  
1.6.4. Cookies with Sensitive and Modifiable Information  

1.7. Remote Command Execution  

1.7.1. Command Injection  
1.7.2. Blind Command Injection  
1.7.3. Insecure Deserialization PHP  
1.7.4. Insecure Deserialization Java 

1.8. File Uploads  

1.8.1. RCE through Webshells  
1.8.2. XSS in File Uploads  
1.8.3. XML External Entity (XXE) Injection  
1.8.4. Path traversal in File Uploads  

1.9. Broken Access Control  

1.9.1. Unrestricted Access to Panels  
1.9.2. Insecure Direct Object References (IDOR)  
1.9.3. Filter Bypass  
1.9.4. Insufficient Authorization Methods  

1.10. DOM Vulnerabilities and More Advanced Attacks  

1.10.1. Regex Denial of Service  
1.10.2. DOM Clobbering  
1.10.3. Prototype Pollution  
1.10.4. HTTP Request Smuggling  

Module 2. Network Architecture and Security  

2.1. Computer Networks  

2.1.1. Basic Concepts: LAN, WAN, CP, CC Protocols  
2.1.2. OSI and TCP/IP Model  
2.1.3. Switching: Basic Concepts  
2.1.4. Routing: Basic Concepts 

2.2. Switching  

2.2.1. Introduction to VLAN’ s  
2.2.2. STP  
2.2.3. EtherChannel  
2.2.4. Layer 2 Attacks 

2.3. VLAN´s  

2.3.1. Importance of VLAN’s  
2.3.2. Vulnerabilities in VLAN’s  
2.3.3. Common Attacks on VLAN’s  
2.3.4. Mitigations 

2.4. Routing  

2.4.1. IP Addressing - IPv4 and IPv6  
2.4.2. Routing: Key Concepts  
2.4.3. Static Routing  
2.4.4. Dynamic Routing: Introduction  

2.5. IGP Protocols  

2.5.1. RIP  
2.5.2. OSPF  
2.5.3. RIP vs OSPF  
2.5.4. Topology Needs Analysis 

2.6. Perimeter Protection  

2.6.1. DMZs  
2.6.2. Firewalls  
2.6.3. Common Architectures  
2.6.4. Zero Trust Network Access 

2.7. IDS and IPS  

2.7.1. Features  
2.7.2. Implementation  
2.7.3. SIEM and SIEM CLOUDS  
2.7.4. Detection based on HoneyPots  

2.8. TLS and VPN´s  

2.8.1. SSL/TLS 
2.8.2. TLS: Common Attacks  
2.8.3. VPNs with TLS  
2.8.4. VPNs with IPSEC 

2.9. Security in Wireless Networks  

2.9.1. Introduction to Wireless Networks  
2.9.2. Protocols  
2.9.3. Key Elements  
2.9.4. Common Attacks 

2.10. Business Networks and How to Deal with Them  

2.10.1. Logical Segmentation  
2.10.2. Physical Segmentation  
2.10.3. Access Control  
2.10.4. Other Measures to Take into Account 

Module 3. Technical and Executive Report  

3.1. Report Process  

3.1.1. Report Structure  
3.1.2. Report Process  
3.1.3. Key Concepts  
3.1.4. Executive vs Technical  

3.2. Guidelines  

3.2.1. Introduction  
3.2.2. Guide Types  
3.2.3. National Guides  
3.2.4. Case Uses  

3.3. Methods  

3.3.1. Assessment   
3.3.2. Pentesting  
3.3.3. Common Methodologies Review  
3.3.4. Introduction to National Methodologies  

3.4. Technical Approach to the Reporting Phase  

3.4.1. Understanding the Limits of Pentester  
3.4.2. Language Usage and Clues  
3.4.3. Information Presentation 
3.4.4. Common Errors  

3.5. Executive Approach to the Reporting Phase  

3.5.1. Adjusting the Report to the Context  
3.5.2. Language Usage and Clues  
3.5.3. Standardization  
3.5.4. Common Errors 

3.6. OSSTMM  

3.6.1. Understanding the Methodology  
3.6.2. Assessment  
3.6.3. Documentation  
3.6.4. Creating a Report  

3.7. LINCE  

3.7.1. Understanding the Methodology  
3.7.2. Assessment  
3.7.3. Documentation  
3.7.4. Creating a Report  

3.8. Reporting Vulnerabilities  

3.8.1. Key Concepts  
3.8.2. Scope Quantification  
3.8.3. Vulnerabilities and Evidence  
3.8.4. Common Errors  

3.9. Focusing the Report on the Customer  

3.9.1. Importance of Job Testing  
3.9.2. Solutions and Mitigations  
3.9.3. Sensitive and Relevant Data  
3.9.4. Practical Examples and Cases 

3.10. Reporting Retakes  

3.10.1. Key Concepts  
3.10.2. Understanding Legacy Information  
3.10.3. Error Checking  
3.10.4. Adding Information 

The teaching materials of this program, elaborated by these specialists, have contents that are completely applicable to your professional experiences”