$1,100

Practical Web Application Penetration Testing: with Tim Tomes!

Event Information

Date and Time

Location

Caci Inc-Federal

1141 Remount Road

Suite 300

North Charleston, SC 29406

Refund Policy

No Refunds

Event description

BSides Charleston, a 501(c)(3) nonprofit that aims to bring the best information security training to the region, is excited to have Tim Tomes (@lanmaster53) back by popular demand for his class Practical Web Application Penetration Testing! Don't miss this great two-day course on April 19 and 20!

Course Description

PWAPT provides comprehensive training on the latest open source tools and manual techniques for performing end-to-end web application penetration testing engagements. After a quick overview of the penetration testing methodology, the instructor will lead students through the process of testing and exploiting a target web application using the techniques and approaches developed from a career of real-world application penetration testing experiences. Students will be introduced to the best tools currently available for the specific steps of the methodology, including Burp Suite Pro, and taught how to integrate these tools with manual testing techniques to maximize effectiveness. A major goal of this course is teaching students the glue that brings the tools and techniques together to successfully perform a web application penetration test from beginning to end, an oversight in most web application penetration testing courses. The end result is an individual with the confidence and skill set to conduct consultative web application penetration testing engagements.

The majority of the course will be spent performing an instructor-led, hands-on web application penetration test against a target application built specifically for this class using a modern technology stack (Python Flask and React) and including real vulnerabilities as encountered in the wild. No old-school vanilla PHP stuff here, folks. Students won't be given overly simplistic steps to execute independently. Rather, at each stage of the test, the instructor will present the goals that each testing task is to accomplish and perform the penetration test in front of the class while students do it on their own machines. Primary emphasis of these instructor-led exercises will be placed on how to integrate the tools with manual testing procedures to improve the overall workflow. This experience will help students gain the confidence and knowledge necessary to perform web application penetration tests as an application security professional.

PWAPT is a PortSwigger preferred Burp Suite Training course. PWAPT students will learn basic and advanced usage techniques for Burp Suite Pro, as well as discover obscure functionality hidden within the vast capabilities of the tool. Students will also receive a ~2 week trial license for Burp Suite Pro to use during and after the course.

For additional insight into the origin, mission, and benefits of PWAPT, listen to my interview with Timothy De Block for the Exploring Information Security podcast on the topic of "What is Practical Web Application Penetration Testing?"


Course Outline

Day 1:

  • Methodology
  • Reconnaissance
  • Mapping
  • Automated Discovery
  • Manual Discovery

Day 2:

  • Manual Discovery (cont.)
  • Exploitation
  • Web Services
  • Remediation


Skill Requirements

Students taking this course should have introductory knowledge of the OWASP Top 10. Students do not need to be comfortable with explaining, finding, or exploiting common web vulnerabilities, but some level of exposure is ideal. This is not an advanced course. However, we will strive to cover advanced topics if the ability level of the student population allows.

This course contains code remediation content that includes discussions on the proper techniques for mitigating vulnerabilities, and exercises where the instructor and students modify the application's source code to implement mitigating controls and test them for effectiveness. While not required, a basic understanding of programming concepts will allow students to better relate to the terminology and techniques demonstrated for properly remediating the discussed vulnerabilities.

For more information, such as technical requirements and testimonials, please check out Tim's website.

