This 3-day training session, derived from the mighty 7-day coursework at Ruhr-University in Bochum, aims to teach attendees about the most relevant parts of modern web security, from server-side layers all the way up to the browser and the DOM.
Starting at HTTP and the very basics, looking at HTTP Request Smuggling, understanding Cookies, simple and then more advanced injection techniques, and more, the trainer will guide the attendees through a journey covering all that is relevant in the realm of web penetration-testing, securing applications and spotting issues that others might just overlook.
Training level: Basic; Intermediate; Advanced
Three days are not a long time for a complex and broad topic like this one, and it depends on many factors on how many topics can be covered.
We'll have the following items on our web security tasting menu and hope to look into as many as possible:Chapter 1: History & Basics
Penetration-Testers, Developers, SecDevOps, and everyone who aims to work hands-on in Web- and Browser-Security.
A working laptop would really be helpful, ideally with software such as Burp, ZAP or Fiddler preinstalled. The course can be enjoyed without, but it would be sad to miss out on the hands-on exercises.
All slides and helpful material. Access to those via GitHub, including a ticket tracker for questions after the training. Hands-on exercises via PortSwigger's legendary Web Security Academy.
A training that aims to deliver practical and useful knowledge from someone who has conducted and managed hundreds of pen tests in the past years.
The course will be derived from a University lecture, so expect a ratio of 80% lectures and 20% hands-on. Don't expect knowledge about 0-days or secret intel, this course is about learning, understanding, and applying the gained knowledge reasonably.
Great looks, athletic posture, melodic voice, latest-trend fashion, and a tiny bit of knowledge about web security and penetration testing.