Overview:

This workshop will introduce the student to the techniques needed to remotely detect and

validate the most common high impact vulnerabilities in web-based applications, and

reinforce that knowledge through hands-on labs. Students will gain hands-on experience

with Burp Suite Pro, the industries’ most popular toolkit for manual testing. The 

workshop will cover a single day and include live demos by the instructor as well as lab

exercises to be performed by the students.

The foundation learned in this class will enable the student to continue onto the more

advanced topics in day two, or to use self-directed resources such as the OWASP Testing

Guide (https://www.owasp.org/index.php/OWASP_Testing_Project) or Web Application

Hacker’s Handbook to continue on the learning path.

Course Topics:

● Introduction to and hands-on use of Burp Suite Professional

● Gain first hand experience with web vulnerabilities by discovering and exploiting

them in web apps, using both manual and automated techniques

● Students will leave with an understanding of how to find and exploit the most

common and dangerous flaws in web applications

● Begin working though the OWASP Testing Guide as a methodology for how to

test app security

Who should attend:

Developers, QA personnel, entry-level penetration testers and security personnel, managers, and anyone interested in learning more about application security from an offensive perspective.

What students should bring:

Students are expected to bring a laptop computer so that they can run the virtual

machine image supplied by the instructor. Student system requirements are simple:

Any operating system that can run the latest stable

version of VirtualBox (free from https://www.virtualbox.org/). Currently

supported operating systems include Windows, Mac, and Linux.

● 5 GB of free HD storage

● 2 GB of RAM (4+GB will give better experience)

● USB port or DVD drive

● Wi-Fi networking capability

*** Before the first day of class students must install the latest stable version of

VirtualBox. Also install the latest version of “Oracle VM VirtualBox Extension Pack”.

Both are free and found here: https://www.virtualbox.org/wiki/Downloads.

What students will be provided with:

Each student will be given a virtual machine containing tools, documentation, and web

application targets for a fully self-containing web app security testing environment.

Training will take place in the open-source “Web Application Security Dojo”

(https://dojo.mavensecurity.com) centered around the commercial tool Burp Suite

Professional. A multi-week trial license for Burp Suite Pro will be provided to students,

which can be used outside of class.