1601 Broadway, New York, NY 10019 B5 HACK NYC 2018 events@magegroupe.com
Overview:
This workshop will introduce the student to the techniques needed to remotely detect and
validate the most common high impact vulnerabilities in web-based applications, and
reinforce that knowledge through hands-on labs. Students will gain hands-on experience
with Burp Suite Pro, the industry’s most popular toolkit for manual testing. The
workshop will cover a single day and include live demos by the instructor as well as lab
exercises to be performed by the students.
The foundation learned in this class will enable the student to continue onto the more
advanced topics in day two, or to use self-directed resources such as the OWASP Testing
Guide (https://www.owasp.org/index.php/OWASP_Testing_Project) or Web Application
Hacker’s Handbook to continue on the learning path.
Course Topics:
● Introduction to and hands-on use of Burp Suite Professional
● Gain first-hand experience with web vulnerabilities by discovering and exploiting
them in web apps, using both manual and automated techniques
● Students will leave with an understanding of how to find and exploit the most
common and dangerous flaws in web applications
● Begin working through the OWASP Testing Guide as a methodology for how to
test app security
Who should attend:
Developers, QA personnel, entry-level penetration testers and security personnel, managers, and anyone interested in learning more about application security from an offensive perspective.
What students should bring:
Students are expected to bring a laptop computer so that they can run the virtual
machine image supplied by the instructor. Student system requirements are simple:
● Any operating system that can run the latest stable
version of VirtualBox (free from https://www.virtualbox.org/). Currently
supported operating systems include Windows, Mac, and Linux.
● 5 GB of free HD storage
● 2 GB of RAM (4+ GB will give a better experience)
● USB port or DVD drive
● Wi-Fi networking capability
*** Before the first day of class students must install the latest stable version of
VirtualBox. Also install the latest version of “Oracle VM VirtualBox Extension Pack”.
Both are free and found here: https://www.virtualbox.org/wiki/Downloads.
What students will be provided with:
Each student will be given a virtual machine containing tools, documentation, and web
application targets for a fully self-contained web app security testing environment.
Training will take place in the open-source “Web Application Security Dojo”
(https://dojo.mavensecurity.com) centered around the commercial tool Burp Suite
Professional. A multi-week trial license for Burp Suite Pro will be provided to students,
which can be used outside of class.
The Critical Infrastructure Association of America, Inc. is a 501(c)6 Not for Profit. The mission of Critical Infrastructure Association of America is to create a membership-based, trade association of like-minded cybersecurity and closely related industry professionals that work in the field of cybersecurity. The goal is to share best practices, establish and maintain high operational standards and to educate and interact with those in the cybersecurity community within public, private and governmental sectors.