Server-Side Web Attacks
Learn how server-side web attacks target an application's trusted backend behavior rather than the browser. These flaws are especially dangerous because they let attackers make the server fetch internal resources, parse malicious documents, or trust forged authentication tokens. This course teaches you how SSRF, XXE, and JWT manipulation work and how attackers chain them into deeper server-side compromise.
Why It Matters
Server-side flaws break assumptions that teams often trust too much. If an application can reach internal services on behalf of a user, read local files through unsafe parsing, or accept a forged token, the attacker can often bypass layers of segmentation and access control that looked secure from the outside.
This course focuses on high-impact attack chains. You will learn how to force backend requests, abuse XML parsing, inspect and modify JWTs, and combine server-side weaknesses to extract secrets and impersonate privileged users.
What You Will Learn
- Exploit SSRF to reach internal services and protected backend resources.
- Abuse XXE to read local files and extract sensitive server-side data.
- Decode, analyze, and manipulate JWT-based authentication tokens.
- Understand how token trust and parser behavior create security gaps.
- Chain server-side weaknesses into a realistic privileged access compromise.
Course Roadmap
- Server-Side Request Forgery (SSRF): Force a target server to make requests you could not send directly.
- XML External Entity (XXE) Injection: Exploit unsafe XML parsing to read sensitive local data.
- JWT Manipulation Basics: Analyze token structure and abuse weak validation or signature handling.
- Server-Side Exploitation Challenge: Chain multiple weaknesses to recover secrets and bypass administrative controls.
Who This Course Is For
- Learners progressing from basic web flaws to deeper server-side exploitation.
- Security testers who need hands-on practice with high-impact backend attack paths.
- Defenders who want to understand how trust boundaries fail in web applications and APIs.
Outcomes
By the end of this course, you will be able to identify and exploit common server-side web weaknesses, explain why they are dangerous, and reason about how they combine into serious application compromise.




