
Professionally Evil Application Security (PEAS)
July 31 @ 11:00 am – 4:00 pm EDT
Instructor: Jason Gillam, Kevin Johnson
Course Length: 5 Days, 20 hours
Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.

Course Description
The Professionally Evil Application Security (PEAS) course is designed to teach developers, IT professionals, and penetration testers of all skill levels. This course focuses on the techniques used to assess and exploit applications; including web and mobile applications, APIs, and HTTP-based systems. We combine these techniques with explanations of the risks exposed and defenses required to improve the security of your organization. The course uses a large number of hands-on exercises to reinforce the techniques and understanding an attendee will gain so that they benefit on the very first day back to work. The course focuses on manual techniques for discovery and exploitation while teaching an industry-standard methodology of reconnaissance, mapping, discovery, and exploitation. This methodology provides a comprehensive standard for assessing applications and APIs.
Key Takeaways
- Provide a fundamental understanding of application penetration testing processes
- Gain a foundational understanding of common application pentesting tools
- Understand how to interact with applications to discover potential security vulnerabilities
- How validate findings and exploit common vulnerabilities
- How to effectively report on discovered vulnerabilities
Who Should Take This Course
- Penetration Testers
- IT Professional
- Developers
- Students
Student Requirements
All students attending the training will need a laptop and virtualization software, such as Virtual Box or Hyper-V, installed and ready to use. Virtual Machines will require at least 8GB of RAM and 40GB of hard drive space available.
What Each Student Will Be Provided
Each student will receive a PDF of the course material and virtual machine image.
Course Instructors

Jason Gillam is Chief Information Officer (CIO) at Secure Ideas and an IANS faculty member. He has over 20 years of industry experience in enterprise software development, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture.

Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises, and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.