[Owasp-bayarea] Free Introduction to WebApp Pentesting Class, October, Mountain View
cory at crazypenguin.com
Wed Sep 14 12:12:54 EDT 2011
Please feel free to pass on to your colleagues.
The class size is limited, so please sign up soon at
Breaking Apps: An Introduction to Web Application Pentesting
This is a 6-hour intensive survey of web security from the vantage point
of professional app breakers, delivered over two consecutive Wednesday
We're offering a brief intro to the principles of application security,
followed by hands-on exercises aimed at getting you started actually
exploiting application security vulnerabilities. We'll be using Burp
Suite, the industry standard tool for web pentesting, and using it to
uncover functionality, capture and manipulate HTTP requests, and exploit
a wide variety of common and subtle flaws.
Developers who want to know more about the threats their apps face, or
want to wipe the smug looks off the face of their next appsec audit team.
QA/QC testers or devops staff who want to integrate more app security
testing into their testing, staging, and monitoring plans.
Network security staff who want to move "up the stack" into app testing,
and are looking for a strong, assertive push. Particularly testers who
have been leaning on automated scanners and would like to lose the crutch.
Wednesday, October 19 (Part I: Introduction, Toolchain, Discovery,
Wednesday, October 26 (Part II: Injection) 6-9pm
Mountain View's beautiful Hacker Dojo, located at 140A South Whisman
Rd, Mountain View, CA 94041
CHEAP AS FREE.
This is an open-enrollment, zero cost event. Enrollment is limited, so
sign up early.
An interest in breaking web applications. That's mostly it.
No previous experience in web application penetration testing expected
A working knowledge of web development on any stack, from J2EE to
Django, would be helpful but is not absolutely required.
You will need to bring a laptop with wireless functionality.
We will send some introductory reading material and toolchain setup
instructions to registered students prior to class.
If you have experience with testing proxies, finding cross-site
scripting, exploiting Clickjacking and blind SQL injection, spidering
applications, and all that stuff: this isn't for you. (If you want to
help teach, we'd love to talk to you).
- Introduction to Web Application Security Principles
- Building your toolchain
- Discovering content and mapping the attack surface
- Manipulating Requests, including exploiting Insecure Direct
- Injection Attacks, including Cross-Site Scripting and SQL Injection
- Automating Injection Attacks