Advanced Web Penetration Testing
Presented by Secure Ideas
About the course
The 2-day advanced web penetration testing course is a hands-on course designed to expand the testing knowledge of both internal and external security personnel. The instructors will start off by briefly reviewing the methodology and the common vulnerabilities. The class will then dig deeper into ways in which vulnerabilities can be identified using tools such as Burp Suite and SQLMap. A lot of focus will be on techniques used in Intruder and Repeater to identify security flaws. The course will also cover topics such as OAuth and Web services, as well as techniques for providing the right information in reporting situations. Finally, the instructors will discuss ways to be better prepared for the business side of security consulting, from building a reputation to communicating effectively with the business.
This course is for people who are experienced with web technologies and testing techniques.
Trainees should expect to leave the class with a significant understanding of web security and how to test modern technologies.
Participants need the latest version of VMware Player, Workstation, or Fusion.
About the trainers
Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is an instructor and author for the SANS Institute and a faculty member at IANS. He is also a contributing blogger at TheMobilityHub.
Kevin has performed a large number of trainings, briefings and presentations for both public events and internal trainings. Kevin teaches for the SANS Institute on a number of subjects. He is the author of three classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing and SEC571: Mobile Device Security. Kevin has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard and ISSA.
Kevin is also very involved in the open source community. He runs a number of open source projects. These include SamuraiWTF, a web pen-testing environment; Laudanum, a collection of injectable web payloads; Yokoso, an infrastructure fingerprinting project; and a number of others. Kevin is also involved in MobiSec and SH5ARK. Kevin was the founder and lead of the BASE project for Snort before transitioning that to another developer.
Jason Gillam is a Senior Security Consultant with Secure Ideas. He has over 15 years of industry experience in enterprise software solutions, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to Fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture.
Jason co-built and managed an award-winning ethical hacking program at one of the world’s largest financial institutions. He also provided numerous application security training and awareness briefings to a large internal technical audience and led the development of best-practices code and documentation for the same. Jason is especially passionate about integration of security best practices with the SDLC.
Jason holds his GIAC Web-Application Tester certification. He has spoken at the UNC Charlotte Cyber Symposium, is the author of the open-source WASR (Web App Security Report) project and is involved in other projects such as lyinbank.com.
Enroll in this training course
Training requires a separate registration from the AppSec USA conference. Registration for both conference and training offerings may be found here.