Monday - 16 February

JOSA Workshop | Web Enumeration

Event thumbnail

Web enumeration helps uncover how a web application is structured and what it exposes. Whether you're interested in cybersecurity, bug bounties, or just want to understand how the web works under the hood, this workshop will give you practical, fun, and highly transferable skills that you can apply across real-world security testing and web analysis scenarios.

In this hands-on workshop, participants will explore the core concepts of Web Enumeration, the first and most important step in web security testing. Through live demos and interactive exercises, you will learn how to think like a hacker and systematically discover what's really happening behind a website.

By the end of the workshop, participants are expected to:

  • Perform structured web enumeration using manual and automated techniques
  • Identify valuable attack surfaces from HTTP responses, headers, and application behavior
  • Use open-source tools like Gobuster, FFUF, Nmap, and dig for directory fuzzing, DNS enumeration, and service discovery
  • Build an enumeration workflow applicable to real-world pentesting and bug bounty scenarios

Who Should Join?

This workshop targets IT and Cybersecurity university students who are curious about how the web works. Just bring your curiosity and a willingness to explore.

Requirements

Basic understanding of how websites work (HTTP requests, URLs, cookies) and familiarity with the command line. No prior penetration testing experience is required.

  • A laptop with a Linux virtual machine (Kali Linux preferred for its preinstalled open-source penetration testing tools)

Outline

12:00 - 12:15

 

Introduction to Web Enumeration

  • What enumeration is and why it matters
  • Enumeration vs scanning vs exploitation
  • Real-world mindset: bug bounty & pentesting

12:15 - 12:45

 

Directories & Files Enumeration

  • How web servers expose hidden directories and files
  • Directory and file brute forcing with Gobuster and Dirb
  • Common file extensions and backup files (.bak, .old, .zip, .git, etc.)
  • Using and customizing wordlists with SecLists

12:45 - 13:15

 

DNS & Subdomains Enumeration

  • DNS records (A, AAAA, MX, TXT, NS) and why they matter
  • Subdomain discovery techniques and bruteforcing
  • Manual DNS enumeration with dig
  • Virtual hosts vs subdomains

13:20 - 13:35

 

Technology & Application Fingerprinting

  • Identifying web servers, frameworks, and languages with Wappalyzer
  • Fingerprinting via headers, errors, and responses
  • Service discovery with Nmap

13:35 - 13:45

 

Crawling & Content Discovery

  • Crawling vs brute forcing
  • Well-known paths and predictable endpoints
  • Advanced fuzzing with FFUF

13:45 - 14:15

 

Search Engine Discovery & Web Archives

  • Using search engines for hidden content
  • Google dorks (conceptually, safely)
  • Web archives (Wayback Machine) for historical endpoints

14:15 - 14:45

 

Hands-On Practice: Full Web Enumeration Scenario

14:45 - 15:00

 

Instructor Walkthrough & Wrap-Up

Registration

This workshop is free of charge, but seats are limited.

  • Apply to this workshop by filling out the form below. No additional confirmation is needed.
  • Priority is given to JOSA Members.

 

Register

 

Facilitator

Speaker Image

Tareq Obeidat

Cyber Security Engineer

Date and Time

Monday, 16 February 2026

From 12:00 to 15:00 Jordan Time


09:00

From 09:00 to 12:00 UTC

Location

Jordan Open Source Association (JOSA)

Center for Innovation and Entrepreneurial Excellence King Hussein Business Park

Amman, Jordan