Course Length: 16 Hours
Tuition: $575 per person
Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.
This page is for the Live version of this course. See below for any trainings currently scheduled. If there are no training sessions scheduled at this time, there may be an On-Demand version available.
If you are interested in arranging a private training for your organization, contact us to set up a call!
Modern Webapp Pentesting II: Webapp Internals is written as a followup to Modern Webapp Pentesting.
This course builds on the fundamentals and gives you experience with how they apply to current problems in web applications. A very hands-on course, the material is organized around key technologies and concepts like authentication and authorization, understanding in-browser defenses so you can devise ways to bypass them, and learning just enough about web development to see where real developers are likely to make mistakes or rely too much on unstated assumptions.
This course doesn’t worry about where a student falls on the imaginary scale of beginner to expert but instead focuses on finding and exploiting the kinds of issues found in real webapps today.
BB King has been pentesting webapps since 2008. He was the second hire into his employer’s application security team at a time when “PCI” was brand new and long before bug bounty programs – when experienced webapp pentesters had to be made, not found. His internal training and coaching efforts built a successful team of 30 testers, few of whom had significant experience pentesting before joining the team.
BB believes that webapps are the best targets for pentesting because although they all look familiar on the surface, they’re all different, often in surprising ways. Each webapp is a collection of puzzles for a pentester and the first puzzle is figuring out where the other puzzles are! Once you get started, each test can be an engaging chance to practice your problem-solving skills and dive into new technologies.
If no live trainings appear below, please visit our Live Training Calendar for other classes that may interest you.