$1,050 – $1,350

1 Day - Web Application Penetration testing Workshop by Sunny Wear

Event Information

Location

Rhode Island College

600 Mount Pleasant Avenue

Providence, RI 02908

Refund Policy

Refunds up to 30 days before event

Eventbrite's fee is nonrefundable.

Event description
One day workshop using Burp Suite to hone your web application penetration testing skills.

About this Event

Class Description: Gain hands-on experience with Burp Suite in this workshop with the author of the Burp Suite Cookbook, Dr. Sunny Wear, D.Sc. You will learn how to use Burp Suite to hone your web application penetration testing skills. Each student receives a virtualized environment complete with a copy of Burp Suite and a vulnerable web application to hack. Lessons covered in the workshop include Burp configuration settings, injection attacks such as Cross-site Scripting and SQL Injection, automated attacks using Intruder, recommended BApp extensions and their uses, and finally, how to build and use Burp Macros.

Syllabus

  • Module 0: Lab Setup – this portion of the class ensures all students have a working, virtualized, test environment running on their local laptops. Verification is performed to ensure web traffic is flowing between the student’s browser, Burp, and the target application.
  • Module 1: Information Gathering and Burp Configuration – this portion of the class steps through the “dials” of Burp, fine-tuning settings to ensure the best configuration for a given assessment. Step-by-step explanations and settings are configured for Target, Proxy, Spider, and Scanner tools within the Burp Suite as well as initiating reconnaissance of the target.
  • Modules 2, 3, 4: Authentication, Authorization, and Session Management Testing: Brute-Force with Intruder, Diff with Comparer – this portion of the class explains and demonstrates the attack types available in Intruder, how to know when to use substitution markers, and which payloads to use in different scenarios. Students will perform some exercises to reinforce these concepts. Students then use Comparer to learn how to analyze different responses while performing an HTML Injection attack exercise.
  • Modules 5, 6, 7: Data Validation and Business Logic Testing: Client-side attacks – this portion of the class explains the three types of Cross-site Scripting, with a demonstration and student exercises for each. The exercises include Reflected, Stored, DOM-based, plus an additional exercise on JavaScript Injection.
  • Module 8: Extensions – this portion of the class provides students with a list of recommended extensions from the BApp store. Students are shown how to install and load each extension within Burp. Each extension is used in short demonstration/exercises, so students gain a contextual reference along with hands-on experience.
  • Module 9: Macros – this portion of the class includes an explanation of what Burp Macros are and which web assessment scenarios they are appropriate for. A description of Session Handling Rules is provided as well as Sessions Tracer. Students are walked through the many steps, together with the instructor, of building a macro for valid logins.

Click here to see our other classes in our June training event.

NOTES:

  • Light breakfast and lunch are included.
  • Tickets for the Layer8 Conference are NOT included with training. Purchase conference ticket separately here.
  • Eventbrite fees are additional and will be calculated at checkout.

Audience: Technical security professionals looking to become proficient with web application testing.

Requirements: Each student must provide their own laptop:

  • Operating System: Windows 7 or above (with admin privilege) OR any Linux distro OR Mac
  • RAM: Minimum 4GB (but 8GB is preferred)
  • Hard disk: Minimum 50GB free space
  • Oracle VirtualBox

Software will be provided via a USB drive, but having VirtualBox already installed will speed up the process of getting students into the content.

Trainer Info: Dr. Sunny Wear is a Security Architect and Penetration Tester who holds a Doctor of Science in Cybersecurity. Her breadth of experience includes network, data, application and security architecture as well as programming across multiple languages and platforms. She is the author of several security-related books including her most recent, Burp Suite Cookbook, which assists pentesters and programmers in more easily finding vulnerabilities within applications while using Burp Suite. She conducts security talks and classes locally and at conferences like BSides Tampa, AtlSecCon, Hackfest CA, BSides Springfield, BSides Orlando and Defcon 27.

LinkedIn: https://www.linkedin.com/in/sunny-wear/

Twitter: https://twitter.com/SunnyWear
