burpsuite | Ekoparty security conference

BURP SUITE WORKSHOP

If you have ever wondered how security professionals hack into your web applications, then this workshop is ideal for you. The techniques covered in this workshop can be immediately implemented to increase the security of your organization.

Environment

This two day training is an instructor-led workshop aimed to improve your ability to find vulnerabilities in web applications and web services. The workshop covers the process of hacking a web application, from the initial mapping and analysis, probing for common vulnerabilities, to exploitation techniques.

Training

Requirements You won’t need vast security knowledge, just a basic technical background and a readiness to learn. Ideally, you should have a basic knowledge of networking and how web applications work. An understanding of one or more programming languages such as PHP, JSP, ASP, and ASP.NET is an advantage.

What will you learn

Day 1

A1 Injection

Exploring and exploiting databases and operating systems

A2 Broken Authentication and Session Management

Exploration of common broken authentication mechanisms, and session tokens

A3 Sensitive Data Exposure

How to find sensitive data on the client side and during transmission

A4 XML External Entities

How to find and exploit XML vulnerabilities in an application

Day 2

A5 Broken Access Control

Identifying common access control mistakes, and exploiting them to gain access into an application

A6 Security Misconfiguration

Investigating security flaws that can lead to unexpected outcomes in an application

A7 Cross-Site Scripting (XSS)

Understanding and exploiting how JavaScript interacts with HTML

A8 Insecure Deserialisation

Investigating serialised data, what it is, how it can be manipulated and what the result is

A9 Using Components with Known Vulnerabilities

Identifying out of date services in a web application

A10 Insufficient Logging and Monitoring

What to expect from logging and monitoring in a web application, and what can be done on the web application side to improve Logging and Monitoring

Instructor

Aaron Burrows

Aaron is a CREST Certified Tester, that has worked in the security industry as a consultant for 10 years. His fieldwork, delivery of projects, and penetration testing has given him a breadth of experience of the years. Aaron uses his expertise in application development and design to gain insights into securing web applications, platforms and databases. He has extensive experience in penetration tests in financial institutions, the gambling industry, retail websites and other industries. Aaron has been the driver of Alcorn Group’s training, and his interest in sharing security knowledge with others led to the creation of Alcorn Group’s OWASP Top 10 training. This training has been delivered to developers, Security analysts, Systems Administrators, and Network Engineers.

ENGLISH

2 days

September 20, 21

ONLINE

Cost

USD 1250

Save Your Seat

QUESTIONS?

Email us at capacitacion@ekoparty.org