If you have ever wondered how security professionals hack into your web applications, then this workshop is ideal for you. The techniques covered in this workshop can be immediately implemented to increase the security of your organization.


This two-day training is an instructor-led workshop that aims to improve your ability to find vulnerabilities in web applications and web services. The workshop covers the process of hacking a web application, from initial mapping and analysis, through probing for common vulnerabilities, to exploitation techniques.


Requirements

You won’t need vast security knowledge, just a basic technical background and a readiness to learn. Ideally, you should have a basic knowledge of networking and how web applications work. An understanding of one or more programming languages such as PHP, JSP, ASP, and ASP.NET is an advantage.


What will you learn

Day 1

A1 Injection
Exploring and exploiting databases and operating systems
A2 Broken Authentication and Session Management
Exploration of common broken authentication mechanisms, and session tokens
A3 Sensitive Data Exposure
How to find sensitive data on the client side and during transmission
A4 XML External Entities
How to find and exploit XML vulnerabilities in an application

Day 2

A5 Broken Access Control
Identifying common access control mistakes, and exploiting them to gain access to an application
A6 Security Misconfiguration
Investigating security flaws that can lead to unexpected outcomes in an application
A7 Cross-Site Scripting (XSS)
Understanding and exploiting how JavaScript interacts with HTML
A8 Insecure Deserialisation
Investigating serialised data, what it is, how it can be manipulated and what the result is
A9 Using Components with Known Vulnerabilities
Identifying out-of-date services in a web application
A10 Insufficient Logging and Monitoring
What to expect from logging and monitoring in a web application, and what can be done on the web application side to improve logging and monitoring


Aaron Burrows

Aaron is a CREST Certified Tester who has worked in the security industry as a consultant for 10 years. His fieldwork, delivery of projects, and penetration testing have given him a breadth of experience over the years. Aaron uses his expertise in application development and design to gain insights into securing web applications, platforms and databases. He has extensive experience in penetration tests in financial institutions, the gambling industry, retail websites and other industries. Aaron has been the driver of Alcorn Group’s training, and his interest in sharing security knowledge with others led to the creation of Alcorn Group’s OWASP Top 10 training. This training has been delivered to developers, security analysts, systems administrators, and network engineers.



2 days

September 20, 21




Email us at capacitacion@ekoparty.org