Expand the capabilities of individuals with 3-4 years of experience in web application security assessment by providing exposure to new technologies, logic puzzles, and writing Burp extensions.
Training level: Intermediate to Advanced
The course is heavily lab-based.
Day 1: Setting up, Tooling Up, Arming Up.
On day 1 we help delegates locate areas of applications they may easily miss. We advise them on the best pre-written Burp extensions and describe the process of writing extensions.
Day 2: Levelling Up
On day 2 we walk delegates through design vulnerabilities, covering access controls, logic flaws, and how to really compromise encryption (no weak SSL ciphers or theoretical stuff here).
Day 3: Breaching the Server
On day 3 we look at breaching the server using today's popular coding-related flaws: SSRF, deserialisation, SSTI, file format exploitation, and input validation.
Laptop with access to install and use Burp Suite Professional (a 3-week trial license for Professional will be provided with the course)
Software Engineers, Quality Assurance teams as well as seasoned Web Application Testers or Consultants moving over from Infrastructure / Network assessment backgrounds
Marcus Pinto is the author of the Web Application Hacker's Handbook, still widely regarded as the leading text on professional application security assessment today. Marcus is director of MDSec Consulting Limited, working at the forefront of the industry with worldwide clients.