[Owasp-boston] Web App Pentest Training w/ Remediation in Boston

Mike P mikeaperez1 at gmail.com
Mon Dec 5 02:27:34 UTC 2016


OWASP Boston is putting on the 3 Day Developer Edition of Practical Web
Application Pentest Training (PWAPT) w/ Tim Tomes

Sign-Up: http://tinyurl.com/PWAPTJan17
Cost: $900
When: Wednesday, January 25, 2017 8:00 AM to Friday, January 27, 2017, 5:00
PM
Location: 1601 Trapelo Rd, Waltham, MA
Instructor: Tim “Lanmaster53” Tomes, who has taught at SANS, BlackHat &
DerbyCon

[image: Inline image 1]


The Developer Edition contains the same content as the original PWAPT
course (Standard Edition), but adds a full day of code remediation lecture
and exercises. The code remediation content includes discussions on the
proper techniques for mitigating vulnerabilities, and exercises where the
instructor and students will modify the application's source code to
implement mitigating controls and test them for effectiveness.

This course provides customized training on the latest open source tools
and manual techniques for performing end-to-end web application penetration
testing engagements. After a quick overview of the penetration testing
methodology, the instructor will lead students through the process of
testing and exploiting a target web application using the techniques and
approaches developed from a career of real world application penetration
testing experiences. Students will be introduced to the best open source
tools currently available for the specific steps of the methodology,
including Burp Suite Pro, and taught how to integrate these tools with
manual testing techniques to maximize effectiveness. A major goal of this
course is teaching students the glue that brings the tools and techniques
together to successfully perform a web application penetration test from
beginning to end, an oversight in most web application penetration testing
courses.

The majority of the course will be spent performing an instructor led,
hands-on web application penetration test against a target application
built specifically for this class using a modern technology stack (Python
Flask) and including real vulnerabilities as encountered in the wild. No
old-school vanilla PHP stuff here folks. Students won’t be given overly
simplistic steps to execute independently. Rather, at each stage of the
test, the instructor will present the goals that each testing task is to
accomplish and perform the penetration test in front of the class while
students do it on their own machine. Primary emphasis of these instructor
led exercises will be placed on how to integrate the tools with manual
testing procedures to improve the overall work flow. This experience will
help students gain the confidence and knowledge necessary to perform web
application penetration tests as an application security professional.

More information is at:

http://www.lanmaster53.com/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-boston/attachments/20161204/5a475b3a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 321000 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-boston/attachments/20161204/5a475b3a/attachment-0001.png>


More information about the Owasp-boston mailing list