[Owasp-bayarea] Free Introduction to WebApp Pentesting Class, October, Mountain View
Cory Scott
cory at crazypenguin.com
Wed Sep 14 12:12:54 EDT 2011
Please feel free to pass on to your colleagues.
The class size is limited, so please sign up soon at
http://breakingapps.eventbrite.com
Breaking Apps: An Introduction to Web Application Pentesting
This is a 6-hour intensive survey of web security from the vantage point
of professional app breakers, delivered over two consecutive Wednesday
evenings.
We're offering a brief intro to the principles of application security,
followed by hands-on exercises aimed at getting you started actually
exploiting application security vulnerabilities. We'll be using Burp
Suite, the industry standard tool for web pentesting, and using it to
uncover functionality, capture and manipulate HTTP requests, and exploit
a wide variety of common and subtle flaws.
Who
Developers who want to know more about the threats their apps face, or
want to wipe the smug looks off the face of their next appsec audit team.
QA/QC testers or devops staff who want to integrate more app security
testing into their testing, staging, and monitoring plans.
Network security staff who want to move "up the stack" into app testing,
and are looking for a strong, assertive push. Particularly testers who
have been leaning on automated scanners and would like to lose the crutch.
When
Wednesday, October 19 (Part I: Introduction, Toolchain, Discovery,
Manipulation) 6-9pm
Wednesday, October 26 (Part II: Injection) 6-9pm
Where
Mountain View's beautiful Hacker Dojo, located at 140A South Whisman
Rd, Mountain View, CA 94041
Cost
CHEAP AS FREE.
This is an open-enrollment, zero cost event. Enrollment is limited, so
sign up early.
Prerequisites
An interest in breaking web applications. That's mostly it.
No previous experience in web application penetration testing expected
or required.
A working knowledge of web development on any stack, from J2EE to
Django, would be helpful but is not absolutely required.
You will need to bring a laptop with wireless functionality.
We will send some introductory reading material and toolchain setup
instructions to registered students prior to class.
Anti-Prerequisites
If you have experience with testing proxies, finding cross-site
scripting, exploiting Clickjacking and blind SQL injection, spidering
applications, and all that stuff: this isn't for you. (If you want to
help teach, we'd love to talk to you).
High-level outline
. Introduction to Web Application Security Principles
. Building your toolchain
. Discovering content and mapping the attack surface
. Manipulating Requests, including exploiting Insecure Direct
Object References
. Injection Attacks, including Cross-Site Scripting and SQL Injection
. Automating Injection Attacks