AppSec California 2020, January 21-24 at the Annenberg Beach House, Santa Monica, CA
Wednesday, January 22 • 9:00am - 5:00pm
Web Application Hacking Training

ABSTRACT
The Application Security Training is a one-day, hands-on training intended for students and professionals interested in making a career in the information security domain. It works through real-world scenarios that every security professional must be well versed in, and involves decompiling, real-time analysis and testing of applications from a security standpoint.

This training covers the internals of web and mobile applications, real-time testing of web applications and Android applications, and a strategic approach to analyzing applications for OWASP Top 10 (Web) security issues such as injections, Cross-Site Scripting (XSS), CSRF attacks, insecure APIs, insecure logging, insecure communication, insufficient cryptography, insecure authentication, poor code quality and many more.

WHO THIS TRAINING IS FOR
● Students interested in Application Security
● Security Analysts/Researchers.
● IT Professionals working in Web Application Development domain.
● IT professionals working in Information Technology-Security domain.

KEY TAKEAWAYS
● Understanding of manual & automated tools and techniques and when to apply them.
● Clear understanding of Web Application Penetration Testing
● Ability to analyze a Web Application from a Security Standpoint
● Gain confidence in customizing your Application Security Testing Approach to suit application-specific pentesting needs, by gaining clarity on the powerful features of the Burp Suite tool
● Build a clear scope to prioritize your security testing

What will be covered
  • Opening
    • about the class
    • about OWASP
  • Introduction
    • Security Awareness/hacker mindset
    • Introduction to the training environment and tools
  • Reconnaissance
    • Web application Reconnaissance
    • HTTP / HTTPS basics
    • Web application and Web server fingerprinting
  • Most common vulnerabilities, detection, and exploitation (3 hours)
    • XSS (HTML, Attribute, DOM)
    • SQLi
    • IDOR Vulnerabilities
    • XXE
    • SSRF
    • File Upload Vulnerabilities
    • Insecure API
  • Where to go from here
    • Introduction to cloud security (AWS, Azure)
    • SCADA
    • Embedded
  • Recap

Prerequisites
  • Laptop with
    • ### Workshop software installed and configured as specified in the PDF at the end of this page -- please do this BEFORE the workshop ###
    • Make sure you have actually run a virtual machine image before
    • Minimum 4 GB RAM
    • 10 GB free space
    • VMware or VirtualBox installed
    • If possible, administrator privileges
  • Basic understanding of software development and/or networking

Upon Completion of this training, attendees will know
● Understanding of manual & automated tools and techniques and when to apply them.
● Clear understanding of Web Application Penetration Testing
● Ability to analyse a Web Application from a Security Standpoint
● Gain confidence in customising your Application Security Testing Approach to suit application-specific pen-testing needs, by gaining clarity on the powerful features of the Burp Suite tool
● Build a clear scope to prioritise your security testing

Attendees will be provided with (by trainer)

● Training Deck
● Virtual Machines
● Answers Sheets
● Help in revisiting the session challenges post the class

Speakers
Vandana Verma

Security Solutions Architect, WIA Asia Lead and Secretary, OWASP Bangalore Chapter Leader, IBM
Vandana Verma is an experienced application security practitioner, OWASP Bangalore Chapter Leader, OWASP WIA Lead, WoSec, InfoSecgirls and Women in Cyber Security Advocate. She has given talks and workshops at many colleges and security conferences including AppSec Europe, AppSec...



Wednesday January 22, 2020 9:00am - 5:00pm PST
Sand and Sea Room