BSides Boston 2016 has ended
Friday, May 20 • 10:00am - 5:30pm
Advanced Web Hacking [Full day class]

GuidePoint Security’s Advanced Web Hacking class heavily emphasizes hands-on learning through an instructor-led, simulated Web Application Assessment against a proprietary web application that was built specifically for this course. Throughout the course, students will perform OSINT gathering, Application Discovery, manual vulnerability identification, and various exploitation techniques. The course moves beyond the basic OWASP Top 10 Web Application Vulnerabilities by introducing advanced forms of these common vulnerabilities, built from our own penetration testing experience. Focus is also placed on creating realistic Proofs of Concept to show higher impact and what an attacker could do if the vulnerabilities were exposed.

Topics Covered:


Application Discovery

  • Information Gathering
  • Application Functionality 
  • OSINT 
  • Fingerprinting 
  • Identifying Application Entry Points

Vulnerability Identification
  • Automated Scanning Limitations
  • Manual Vulnerability Identification Techniques


Vulnerability Exploitation

  • Blind SQLi
  • Advanced XSS
  • Server Side Template Injection (SSTI)
  • Privilege Escalation
  • Account Hijacking
  • Writing Proof of Concept Exploits

Course Requirements: Course attendees are required to have a laptop with an up-to-date Kali Linux Virtual Machine. This class is open to attendees of all skill levels; however, we assume prior knowledge of common web vulnerabilities and their exploitation.

 


Speakers
David Bressler

David Bressler is a Managing Consultant at GuidePoint Security within the Application Security Team. He has more than 8 years of broad-based experience managing application penetration testing, source code review, architecture review, network penetration testing, digital and physical...

Casey Dunham

Casey Dunham is a Security Consultant at GuidePoint Security with 10 years of experience as a full stack software developer in various industries managing development projects and building DevOps and Security initiatives into the Software Development Lifecycle. Before joining GuidePoint...


Friday May 20, 2016 10:00am - 5:30pm
NERD 1 Memorial Dr