Defense starts with offense: Learning to hack is learning to defend !!!

-- Hack and fix your site before someone else does !!!

-- Learn to hack your site so you can fix it the right way !!!!!

Outline: (This course comes with a Certificate of Completion)

Web applications are a critical interface for the organization, customers and employees. Attacks on these vital components can disrupt business processes, allow theft of customer data and compromise the organization. Vulnerability scanners are limited in their ability to find flaws and some types of vulnerabilities plus they may find issues late in the development lifecycle. Teams must be proactive with continuous testing throughout the development and operation lifecycles.

Testing applications is a complex, specialized skill-set best learned through a combination of training and practice. Launch your testing program forward with expert guidance on the OWASP Top Ten. Critical concepts are taught with hands-on practice in real-world situations with OWASP Mutillidae II in the Octagon Training Environment ©.

This class is taught a certified penetration testing team leader, professional trainer and globally recognized expert. Propel your security testing program by providing your team the knowledge and skills needed to detect and remediate risky vulnerabilities.

Two-day hands-on workshop

• How the web really works + 5 labs

• SQL Injection + 6 labs

• Cross-site Scripting + 4 labs

• Insecure Direct Object References and File Inclusion + 4 labs

• Open Redirects + 2 labs

• Attacking Authentication + 10 labs

Instructor: Jeremy "webpwnized" Druin, Certified Principal Security Architect OSCP, GISF, GSEC, GCIH-GOLD, GWAPT-GOLD, GPEN, GMOB, GXPN-GOLD, Sec+

• LinkedIn: https://www.linkedin.com/in/jeremydruin/

• YouTube: https://www.youtube.com/user/webpwnized

• Twitter: https://twitter.com/webpwnized

Jeremy is Principal Security Architect for a Fortune 100 company where he built the application security, bug bounty and penetration testing programs. Jeremy is also the owner of Ellipsis

Information Security and teaches courses for SANS Institute and KEP Training

As a Director of Education for the Kentucky ISSA chapter, Jeremy presents on various

information security topics along with operating the "webpwnized" YouTube video channel.

Additionally, Jeremy develops the open-source OWASP Mutillidae II training environment.

Jeremy has a Bachelors in Computer Science from Indiana University, a Graduate Certificate in

Cybersecurity and Masters in Computer Science from the University of Louisville and is a GIACcertified Web Application, Mobile and Network Security Penetration Tester.