The Web Application Hacker's Handbook

Name: The Web Application Hacker's Handbook 2018-05-27 12:55

The Web Application Hacker's Handbook

Name: Anonymous 2018-05-27 15:31

bitch lasagnas

Name: Anonymous 2018-05-27 15:42

>>2
send bobs

Name: Anonymous 2018-05-27 17:20

open bagene

Name: Anonymous 2018-05-27 18:01

milk truk just arrive

Name: Anonymous 2018-05-28 9:55

Name: Anonymous 2018-05-28 11:08

>tfw this timeline is filled with comedy gold, such as 3K$ "web hacker course"
The Web Application Hacker's Handbook, Live Edition
Marcus Pinto, MDSec | July 22-23 & July 24-25
Early: $3,600 (ENDS MAY 19 2359 PT)
Regular: $3,900 (ENDS JULY 7 2359 PT)
Late: $4,100 (ENDS JULY 21 2359 PT)
On-Site: $4,200 (ENDS JULY 24)

Overview
The course syllabus follows the chapters of the Second Edition of The Web Application Hacker's Handbook, with strong focus on practical attacks and methods. After a short introduction to the subject we delve into common insecurities in logical order:

Introduction to Web Application Security Assessment (Chapters 1-3)
Automating Bespoke Attacks: Practical hands-on experience with Burp Suite (Chapter 13)
Application mapping and bypassing client-side controls (Chapters 4-5)
Failures in Core Defense Mechanisms: Authentication, Session Management, Access Control, Input Validation (Chapters 6-8)
Injection and API flaws: (Chapters 9-10)
User-to-User Attacks (Chapters 12-13)



Attendees will gain theoretical and practical experience of:

Real-world, 2015 techniques in blind / parameter XXE injection, request method abuse, relative path overwrites, XSS filter evasion
How to hack using all of the "OWASP top 1"...from SQLi to LDAP, XPath, SOAP, Java Deserialisation, Server Side Template Injection
How to quickly and efficiently pinpoint and exploit vulnerabilities in web applications
The real risk: how to turn XSS/CSRF vulnerabilities into full account compromise
Harnessing new technologies such as HTML5, NoSQL, and Ajax
New attack types and techniques: Bit Flipping, Padding Oracle, Automated Access Control checking
How to immediately recognize and exploit Logic Flaws



For more detailed information about the course's practical structure, see the Web Application Hacker's Methodology chapter from the original version of the book.
Who Should Take this Course
Provided delegates have an understanding of the HTTP protocol and can learn a bit of HTML and JavaScript, they will do well on the course. Programming is useful but not required to complete the course.

This course benefits attendees who have been performing application security assessments for anywhere between 6 months and 4 years.

Attendees who have experience in technical security but not necessarily a lot against web applications are also welcome, although they are expected to understand the HTTP protocol, and have basic SQL and JavaScript.

Developers wanting to see attacker tricks and techniques are also welcome.
Student Requirements
An Understanding of HTTP (eg the GET and POST methods and how they differ)
Some basic understanding of JavaScript and HTML
What Students Should Bring

Your own laptop
The ability to set your proxy (make sure of this if you are using a corporate laptop)
A version of the JRE, capable of running Burp Suite. Try the free version of Burp Suite from www.portswigger.net to make sure it works
As networks are set up with Wifi, please ensure that your laptop will allow you to configure and join typical Wifi networks.

What Students Will Be Provided With

A 2-week full version of Burp Suite Professional Edition
Course slides
Access to 400 lab examples during the course

Name: Anonymous 2018-06-04 11:55

I’m gonna read this book. Anyone else?

Let’s start a /prog/ book club, starting with this book. We can come up with a reading and discussion schedule.

I am 100% serious.

Name: Anonymous 2018-06-04 13:04

>>8
I've been already reading it at work while my codans were compiling.

Name: Anonymous 2018-06-04 13:31

>>9
Isn't your boss going to be angry if he finds you goofing around on the computer?

Name: Anonymous 2018-06-04 13:34

my boss cares only about dubs

Name: Anonymous 2018-06-05 6:19

>>10
I'm not goofing around, it's compiling.

Name: Anonymous 2018-06-05 12:40

>>12
Don't you have toilets that need scrubbing, stop goofing off.

Name: Anonymous 2018-06-05 12:41

and when your're are at it, hax my anus

Name: Anonymous 2018-06-05 20:20

>>13
Is that you, Kodak Gallery Programmer?
