[Owasp-boston] 3 day training class Web App Pen Testing Jan 25 - 27

Jim Weiler jim.weiler at owasp.org
Tue Jan 10 22:03:53 UTC 2017

for more info go to  https://www.meetup.com/owaspboston/events/234639072/

and http://www.lanmaster53.com/training/

to sign up go to

The Developer Edition contains the same content as the original PWAPT
course (Standard Edition), but adds a full day of code remediation lecture
and exercises. The code remediation content includes discussions on the
proper techniques for mitigating vulnerabilities, and exercises where the
instructor and students will modify the application's source code to
implement mitigating controls and test them for effectiveness.

This course provides customized training on the latest open source tools
and manual techniques for performing end-to-end web application penetration
testing engagements. After a quick overview of the penetration testing
methodology, the instructor will lead students through the process of
testing and exploiting a target web application using the techniques and
approaches developed from a career of real world application penetration
testing experiences. Students will be introduced to the best open source
tools currently available for the specific steps of the methodology,
including Burp Suite Pro, and taught how to integrate these tools with
manual testing techniques to maximize effectiveness. A major goal of this
course is teaching students the glue that brings the tools and techniques
together to successfully perform a web application penetration test from
beginning to end, an oversight in most web application penetration testing

The majority of the course will be spent performing an instructor led,
hands-on web application penetration test against a target application
built specifically for this class using a modern technology stack (Python
Flask) and including real vulnerabilities as encountered in the wild. No
old-school vanilla PHP stuff here folks. Students won’t be given overly
simplistic steps to execute independently. Rather, at each stage of the
test, the instructor will present the goals that each testing task is to
accomplish and perform the penetration test in front of the class while
students do it on their own machine. Primary emphasis of these instructor
led exercises will be placed on how to integrate the tools with manual
testing procedures to improve the overall work flow. This experience will
help students gain the confidence and knowledge necessary to perform web
application penetration tests as an application security professional.

More information is at:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-boston/attachments/20170110/67936e3b/attachment.html>

More information about the Owasp-boston mailing list