By Rigel Kent Security
Trainer: Fred Ladouceur
Duration: 3 days, October 29-31, 2018
The Modern Web Application Penetration Testing course will give you a fresh look at the current frameworks and the new vulnerabilities found in today’s web applications. This fast-paced course will take students with little experience to a highly functional level in performing web application penetration testing. During this course, students will learn to master Burp Suite against a multitude of vulnerabilities, abuse modern frameworks such as Node.js, AngularJS and Python frameworks, and dive into the exploitation of serialization, XML, SQL injection, NoSQL injection and much more. Students will be given a variety of exercises during the training, where they will be able to test and explore their newly acquired skills.
The topics covered will include:
- 2017 OWASP Top 10 RC2 Final review
- Web Application Penetration Testing Methodologies
- Security Protocols Recognition and exploitation (SAML, OAuth, etc.)
- Mastering Burp Suite
- SQL injection & NoSQL injection
- Cross-Site Scripting vulnerability
- Cross-Site & Server-Side Request Forgery
- XML attacks
- Server-Side & Client-Side Template Injection
- Serialization & Deserialization
- Web APIs such as REST & SOAP
- Other minor topics will also be covered
Who Should Attend:
Penetration Testers, Vulnerability Researchers, Web Application Designers, Web Application Developers or any other person who wants to gain a deeper understanding of web application penetration testing.
- Burp Suite Pro (A Burp Suite Pro Training license will be provided for the duration of the course; no prior licensing is required).
- A Kali Linux VM loaded with the exercises will be provided to the students.
- Knowledge of web protocols.
- Student laptops should have at least 4GB of RAM and 30GB of disk space.
- Students must have admin privileges on the laptop they will use.
- Students must have the most recent version of VMware Workstation installed on their laptop. VMware Player will not meet course requirements.
Fred Ladouceur is currently employed at Rigel Kent Security as an Ethical Hack Specialist providing penetration testing services to both government and private sector clients. Fred has been involved in the IT Security field since a young age. He is an experienced network and application level penetration tester, vulnerability researcher and security trainer. During his 12 years with the Canadian Armed Forces, he served as a Unix Administrator for classified networks, team lead for their Network Surveillance team and as a Senior Red Team analyst. The mix of his past web development experience and his knowledge of contemporary attack techniques has led him to develop this course filled with modern concepts.