Professionally Evil Application Security: From Mapping to Exploitation with Jordan Bonagura

Overview

  • Course Length: 16 hours
  • Support from expert instructors
  • Includes a certificate of completion
  • Up to 12 months access to Cyber Range

The Professionally Evil Application Security (PEAS) course is designed to teach developers, IT professionals, and penetration testers of all skill levels.

This course focuses on the techniques used to assess and exploit applications, including web and mobile applications, APIs, and HTTP-based systems. We combine these techniques with explanations of the risks exposed and the defenses required to improve the security of your organization. The course uses a large number of hands-on exercises to reinforce the techniques and understanding attendees gain, so that they benefit on the very first day back at work. The course focuses on manual techniques for discovery and exploitation while teaching an industry-standard methodology of reconnaissance, mapping, discovery, and exploitation. This methodology provides a comprehensive standard for assessing applications and APIs.

Session One

  • Introduction
  • Preparation
    • How the web works
    • Scoping
    • Hosting Services
    • Limitations
    • Tools used in assessing applications
    • Methodology
  • Reconnaissance
    • Recon Overview
    • Recon Tools
    • Types of data
    • Sensitive data exposure
  • Mapping
    • Mapping Overview
    • Platform Detection
    • Application types
    • Fingerprinting
    • HTTP Overview
    • Finding Vulnerabilities

Session Two

  • Discovery
    • Injections
      • Buffer Overflow
      • Code Injection
      • Command Injection
      • Cross-Site Scripting (XSS)
      • Insecure Deserialization
      • LDAP Injections
      • Logic Flaws and Race Conditions
      • Server-Side Request Forgery (SSRF)
      • SQL Injections
      • XML External Entity
    • Cross-Site Request Forgery
  • Exploitation
    • Context
    • Validation
    • Ranking Severity
    • Pivoting
      • Shells
      • Payloads
  • Reporting

February Virtual Class

  • February 18th – 9:00 AM to 6:00 PM EST
  • February 19th – 10:00 AM to 6:00 PM EST

Pre-requisites

Students attending this class should have familiarity with how the web works, HTML, and JavaScript.

Who Should Take This Course

  • Penetration Testers
  • IT Professionals
  • Developers
  • Students

Audience Skill

  • Beginner
  • Intermediate

Student Equipment And Software Requirements

All students must have the Burp Community software installed. Download available at:

https://portswigger.net/burp/communitydownload

Live Training

  • Pay What You Can
  • Collaborative interaction with Instructor and fellow students through the Antisyphon Discord class channel
  • Access to course slides for future reference
  • Tips, tools, and techniques that can be applied immediately upon returning to work
  • Strengthen your skills by solving challenges within the Antisyphon Cyber Range
  • Become part of a community driven to educate and share knowledge

Pay What You Can

  • $50.00: Includes certificate of participation, six months access to class recordings and our appreciation.
  • $95.00: Includes certificate of participation, six months access to class recordings and our appreciation.
  • $195.00: Includes certificate of participation, six months access to class recordings and our appreciation.
  • $295.00: Includes certificate of participation, six months access to class recordings, six months access to Cyber Range and our appreciation.
  • $395.00: Includes certificate of participation, six months access to class recordings, six months access to Cyber Range and our appreciation.
  • $575.00 (Complete Package): Includes certificate of participation, six months access to class recordings, twelve months access to Cyber Range and our appreciation.

Course Categories:

Pay What You Can, Red Team