Black Friday Sale Happening Now! Learn More

Professionally Evil Application Security: From Mapping to Exploitation

Course Authored by .

Professionally Evil Application Security From Mapping to Exploitation with Jordan Bonagura

The Professionally Evil Application Security (PEAS) course is designed to teach developers, IT professionals, and penetration testers of all skill levels.

Course Length: 16 Hours

Includes a Certificate of Completion



Description

The Professionally Evil Application Security (PEAS) course is designed to teach developers, IT professionals, and penetration testers of all skill levels.

This course focuses on the techniques used to assess and exploit applications; including web and mobile applications, APIs, and HTTP-based systems. We combine these techniques with explanations of the risks exposed and defenses required to improve the security of your organization. The course uses a large number of hands-on exercises to reinforce the techniques and understanding an attendee will gain so that they benefit on the very first day back to work. The course focuses on manual techniques for discovery and exploitation while teaching an industry-standard methodology of reconnaissance, mapping, discovery, and exploitation. This methodology provides a comprehensive standard for assessing applications and APIs.

 

  • Student Equipment And Software Requirements
    • All students must have installed the BURP Community software. Download available at: https://portswigger.net/burp/communitydownload

Syllabus

Session One:

    • Introduction

    • Preparation

        • How the web works

        • Scoping

        • Hosting Services

        • Limitations

        • Tools used in assessing applications

        • Methodology

    • Reconnaissance

        • Recon Overview

        • Recon Tools

        • Types of data

        • Sensitive data exposure

    • Mapping

        • Mapping Overview

        • Platform Detection

        • Application types

        • Fingerprinting

        • HTTP Overview

        • Finding Vulnerabilities

Session Two

    • Discovery

        • Injections

            • Buffer Overflow

            • Code Injection

            • Command Injection

            • Cross-Site Scripting(XSS)

            • Insecure Deserialization

            • LDAP Injections

            • Logic Flaws and Race Conditions

            • Server-Side Request Forgery (SSRF)

            • SQL Injections

            • XML External Entity

        • Cross Site Request Forgery

    • Exploitation

        • Context

        • Validation

        • Ranking Severity

        • Pivoting

            • Shells

            • Payloads

    • Reporting

FAQ

Pre-requisites

Students attending this class should have familiarity with how the web works, HTML, andJavascript.

Who Should Take This Course

Penetration Testers
IT Professional
Developers
Students

Audience Skill

Beginner
Intermediate

About the Instructor

Pixel splash background
"Senior Security Consultant at Secure Ideas"
Bio

With more than 20 years of experience in information security, Jordan is passionate about helping companies and clients protect their data and applications from threats and vulnerabilities. As a Principal Security Researcher he had led teams in conducting vulnerability management, risk assessments, penetration tests, etc. He also had the opportunity to speak at security conferences around the globe, be a college professor and also a consultant for the Brazilian police in crime solving.

Related products

Shopping Cart

No products in the cart.