Hacking Modern Web Apps: Master the Future of Attack Vectors

Online workshop on October 1, 2021, 9:00 to 16:30

This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.

Long gone are the days when web servers were run by Perl scripts and Delphi. What do Walmart, eBay, PayPal, Microsoft, LinkedIn, Google and Netflix have in common? They all use Node.js: JavaScript on the server.

Modern web apps share traditional attack vectors and also introduce new opportunities for threat actors. This course will teach you how to review modern web apps, showcasing Node.js but using techniques that will also work against any other web app platform.

Prerequisites

This course has no prerequisites as it is designed to accommodate students with different skills:

  • Advanced students will enjoy comprehensive labs, extra miles and CTF challenges
  • Less experienced students complete what they can during the class, and can continue at their own pace from home using the training portal.

That said, the more you learn about the following ahead of the course, the more you will get out of it:
  • Linux command line basics
  • Basic knowledge of Node.js or JavaScript is not required, but would help

Learning objectives

  • Students leave with a much higher general level of proficiency than when they came
  • The skills acquired can be immediately applied to modern Web app security assessments
  • Skills can be sharpened via continued education in our training portal for free
  • The student is equipped to defeat common Web app assessment challenges
  • Everybody will learn a lot in this training.
  • Advanced students will come out with enhanced skills and more efficient workflows
  • The skills gained are highly practical and applicable to real-world assessments

Technical requirements

Hardware & Software
Attendees should bring a laptop with the following specifications:
  • Ability to connect to wireless and wired networks.
  • Ability to read PDF files
  • Administrative rights: USB allowed, the ability to deactivate AV and firewall, install tools, etc.
  • Knowledge of the BIOS password, in case VT is disabled.
  • Minimum 8GB of RAM (recommended: 16GB+)
  • 60GB+ of free disk space (to copy a lab VM and other goodies)
  • VirtualBox 6.0 or greater, including the “VirtualBox Extension Pack” (NOTE: VMware is also known to work)

Speaker

 

Abraham Aranguren
After 13 years in IT security and 20 in IT, Abraham Aranguren is now the CEO of 7ASecurity. He is a security trainer at Black Hat USA, HITB, OWASP Global AppSec and many other events, and a former senior penetration tester/team lead at Cure53 and Version 1.

Anirudh Anand
Anirudh Anand is a security researcher with a primary focus on web and mobile application security. He currently works as a Senior Security Engineer at CRED and is also a security trainer at 7ASecurity. He has been submitting bugs and contributing to security tools for over 7 years. In his free time, he participates in CTF competitions with Team bi0s.
