WorkshopCon event: Professionally Evil AppSec for Developers by Secure Ideas

Event Information

Location

Forefront Center for Meetings & Conferences

404 Wyman Street

Waltham, MA 02451

Refund Policy

Refunds up to 30 days before event

Eventbrite's fee is nonrefundable.

Event description
Join us for a 2-day class on assessing and exploiting applications, including web and mobile applications, APIs, and HTTP-based systems.

About this Event

Class Description: Join Secure Ideas for Professionally Evil Application Security (PEAS) Developer Edition.

This course focuses on the techniques used to assess and exploit applications, including web and mobile applications, APIs, and HTTP-based systems.

Click here to see our other training class, Intro to Incident Response by TrustedSec.

Audience: Beginner to intermediate-level developers, IT professionals, and penetration testers

Requirements: Students will be required to provide their own laptop that can run a virtual machine. VMware or VirtualBox may be used. Students should be familiar with how to use a virtual machine and how to copy files in and out of VMs.

Trainer Info: Secure Ideas is a dedicated team of experts who are passionate about technology and information security. Our primary objectives are to help companies improve their security postures and to train the next generation of security professionals.

Learn more at: https://www.secureideas.com/

Kevin Johnson, CEO

LinkedIn: https://www.linkedin.com/in/kevinjohnson/

Twitter: https://twitter.com/darth_kevin

Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field, including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.

Demos and labs: Students use the SamuraiWTF project environment to learn both attacks and defenses while in class. This environment provides realistic targets and tools that enable attendees to understand how the techniques taught are used in the real world.

  • Introduction
  • Standards & Guidelines - PCI, HIPAA, OWASP, Other
  • Preparation - how the web works, tools used in assessing apps, test labs & class targets

Testing Methodology Overview

  • Reconnaissance
  • Mapping
  • Discovery
  • Exploitation

Server Side Vulnerabilities

  • Authentication and Session Management Issues
  • Access Control Flaws
  • Sensitive Data Exposure
  • Injection Flaws (Command Injection, SQLi, Buffer Overflows)

Fuzzing

  • Tool Set
  • Attack Sources
  • Context Understanding

Testing Web Services

  • Web Services Overview
  • Tools for testing Web Services
  • Critical Skills: Running Web Services
  • Web Service Vulnerabilities

Client Side Vulnerabilities

  • Cross-Site Scripting (XSS)
  • Open Redirects and Forwards
  • Cross-Site Request Forgery (CSRF)

Logic Flaws

  • Business Logic Issues
  • Race conditions and TOC/TOU issues

Defenses

  • Logging and Monitoring
