Training

By Rigel Kent Security

Trainer: Fred Ladouceur

Duration: 3 days, October 29-31, 2018

Course description:

The Modern Web Application Penetration Testing course will give you a fresh look at the current frameworks and the new vulnerabilities found in today’s web applications. This fast-paced course will take students with little experience to a highly functional degree in performing web application penetration testing. During this course, students will learn to master Burp Suite against a multitude of vulnerabilities, abuse modern frameworks such as Node JS, AngularJS & Python frameworks, dive into the exploitation of serialization, XML, SQL injection, NoSQL injection and much more. Students will be given a diversity of exercises during the course of this training, where they will be able to test and explore their newly acquired skills.

The topics covered will include:

  • 2017 OSAWP top 10 RC2 Final review
  • Web Application Penetration Testing Methodologies
  • Security Protocols Recognition and exploitation (SAML, OAuth, etc.)
  • Mastering Burp Suite
  • SQL injection & NoSQL injection
  • Cross-Site Scripting vulnerability
  • Cross-Site & Server-Side Request Forgery
  • XML attacks
  • Server-Side & Client-Side Template Injection
  • Serialization & Deserialization
  • Web APIs such as REST & SOAP
  • Other minor topics will also be covered

Who Should Attend:

Penetration Testers, Vulnerability Researchers, Web Application Designers, Web Application Developers or any other person who wants to gain a deeper understanding of web application penetration testing.

Student Requirements:

  • Burp Suite Pro (A Burp Suite Pro Training license will be provided for the duration of the course; no prior licensing is required).
  • A Kali Linux VM loaded with the exercises will be provided to the students.
  • Knowledge of web protocols.
  • Familiarity with some web programming languages such as JavaScript, HTML, PHP etc.
  • Student laptops should have at least 4GB of RAM and 30GB of disk space.
  • Students must have admin privileges on the laptop they will use.
  • Students must have the most recent version of VMWare workstation installed on their laptop. VMWare player will not meet course requirements.

Instructor:

Fred Ladouceur is currently employed at Rigel Kent Security as an Ethical Hack Specialist providing penetration testing services to both government and private sector clients. Fred has been implicated in the IT Security field since a young age. He is an experienced network and application level penetration tester, vulnerability researcher and security trainer. During his 12 years with the Canadian Armed Forces, he served as a Unix Administrator for classified networks, team lead for their Network Surveillance team and as Senior Red Team analyst. The mix of his past web development experience and his knowledge of contemporary attack techniques has led him to develop this course filled with modern concepts.

Recent News

October 9th 2018

Cloud security issues are a key focus at this year’s COUNTERMEASURE IT Security Conference, with in depth training as well as key presentation from industry leaders. Graham Thompson, who participated in our 2017 cloud security panel discussion, leads an intensive three day training course, Cloud Security Fundamentals & FedRAMP. IBM’s Jeff Crume will be giving a keynote presentation on Security in the Clouds, and Teri Radichel will present on Top Priorities for Cloud Application Security. For institutions with a cloud infrastructure, these sessions should not be missed.

September 20th 2018

Charlie Miller and Chris Valasek join our growing list of speakers at COUNTERMEASURE 2018.  Their presentation on Security Self-Driving Cars will explore the future security issues of this emerging sector. 

In the not too distant future, we'll live in a world where computers are driving our cars. Soon, cars may not even have steering wheels or brake pedals. But, in this scenario, should we be worried about cyber attack of these vehicles? In this talk, two researchers who have headed self-driving car security teams for multiple companies will discuss how self driving cars work, how they might be attacked, and how they can ultimately be secured.
 
You can view their presentations and those of our other speakers here.

Cancellation Policy

Substitutions can be made at any time. Unfortunately we cannot refund registration fees. Each course is subject to a minimum number of students. In the unlikely event that a course must be cancelled due to low enrolment, full refunds will be provided to registered students.

For more information on COUNTERMEASURE 2018, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. or our office line at 613-725-2079.