Instructor: Kevin Johnson
Course Length: 4 hours per class
Price: $25-$150 per session
Includes: Six months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.
Professionally Evil Application Security (PEAS): Mastering Application Reconnaissance and Mapping
Embark on a journey into the world of web security with Mastering Application Reconnaissance and Mapping. As part of the Professionally Evil Application Security series, this course focuses on the crucial aspects of reconnaissance and mapping within the application penetration testing methodology. Whether you’re a seasoned professional or a curious newcomer, this course will equip you with the foundational knowledge and practical skills to assess web applications against potential vulnerabilities.
The adventure begins with a comprehensive introduction, preparing you for the exciting challenges ahead. Discover how the web works, uncover the nuances of scoping, and delve into the intricacies of hosting services. Understand the limitations that applications face, and explore the various tools used to assess and enhance their security.
In the reconnaissance section, learn the art of information gathering as it pertains to web applications. Navigate through diverse application types, grasp the significance of sensitive data exposure, and acquire valuable insights into mapping techniques. Uncover hidden vulnerabilities and understand how HTTP, content-security policies, origin policies, cookies, and APIs impact the security landscape.
Our instructors will guide you through each module, providing real-world examples and practical exercises in a test lab. Sharpen your skills, target your class objectives, and gain hands-on experience to develop a robust security mindset.
Join us on this casual yet professional learning journey and unlock the secrets of web security. Enroll in “Mastering Application Reconnaissance and Mapping” today to become a proficient application security professional and stay one step ahead of emerging threats.
Professionally Evil Application Security (PEAS): Mastering Client-Side Flaws and Exploitation
Embark on the finale of our Professionally Evil Application Security series with our course, Mastering Client-Side Flaws and Exploitation. In this session, you’ll uncover the secrets of client-side vulnerabilities and learn how to secure web applications against potential threats.
From beginners to seasoned professionals, this course offers a wealth of knowledge and practical skills to master the intricacies of client-side flaws and their exploitation. Prepare yourself for an exciting journey through the realms of logic flaws, cross-site scripting (XSS), cross-site request forgery (CSRF), and more.
The course commences with an introduction, setting the stage for the captivating challenges ahead. Dive into the intricate world of logic flaws, understanding the potential risks they pose to application security. Explore the ins and outs of XSS attacks and CSRF vulnerabilities, and gain a keen understanding of how browser policies (CSP, CORS, Same Origin) work to protect an application.
With a focus on practicality, you’ll delve into the realm of exploitation. Learn how to effectively navigate the contextual aspects of vulnerability assessment, master validation techniques, and rank the severity of discovered vulnerabilities.
Furthermore, the course emphasizes the importance of comprehensive reporting. Gain insights into creating concise and informative reports that effectively communicate the discovered vulnerabilities and their potential impact. Explore different reporting frameworks and compliance standards, ensuring your reports align with industry best practices.
Throughout the course, our expert instructors will guide you, providing real-world examples, interactive labs, and engaging discussions. Our state-of-the-art learning environment allows you to gain practical experience and strengthen your skills in a safe and controlled setting.
Enroll in Mastering Client-Side Discovery and Exploitation today, and equip yourself with the knowledge and expertise to secure web applications against client-side vulnerabilities. With a focus on practicality, this course will empower you to confidently assess, remediate, and report vulnerabilities, enabling you to safeguard applications with excellence.
Professionally Evil Application Security (PEAS): Unveiling Server-Side Discovery and Exploitation
Welcome to the world of application security, where you’ll unravel the hidden flaws lurking within server-side portions of web applications. Join us for the second course in the Professionally Evil Application Security series.
Designed to expand your expertise in vulnerability discovery, this course focuses on key concepts and techniques to identify and mitigate server-side vulnerabilities. Led by Secure Ideas’ experts, you’ll gain the knowledge and practical skills necessary to assess applications and their risk of malicious attacks.
Begin your journey with a comprehensive introduction, setting the stage for the exciting challenges ahead. Dive into the intricacies of discovery, as you explore various flaws within the server-side portions of the applications and APIs. Understand the significance of context and grasp the essential concepts related to flaws that can compromise server-side security.
Through hands-on exercises and real-world examples, you’ll delve into critical areas such as authentication and authorization, session fixation, redirects and forwards, injections, insecure deserialization, server-side request forgery (SSRF), and XML external entities. Uncover the techniques used by attackers to exploit these vulnerabilities and learn how to effectively counteract them.
Our expert instructors will guide you through each module, providing in-depth insights and practical knowledge to enhance your skills. Engage in stimulating discussions, participate in interactive labs, and gain valuable experience in vulnerability discovery within our cutting-edge test environment.
Enroll in Unveiling Server-Side Discovery and Exploitation today to fortify your application security arsenal and emerge as a proficient professional in the field. Together, we’ll navigate the intricate world of server-side vulnerabilities and empower you to protect applications with confidence and expertise.
- Provide a fundamental understanding of application penetration testing processes
- Gain a foundational understanding of common application pentesting tools
- Understand how to interact with applications to discover potential security vulnerabilities
- How validate findings and exploit common vulnerabilities
- How to effectively report on discovered vulnerabilities
Who Should Take This Course
- Penetration Testers
- IT Professional
All students attending the training will need a laptop and virtualization software, such as Virtual Box or Hyper-V, installed and ready to use. Virtual Machines will require at least 8GB of RAM and 40GB of hard drive space available.
What Each Student Will Be Provided
Each student will receive a PDF of the course material and virtual machine image.
Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises, and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.