*Please Note: Training is not part of the free General Body meetups. We are often asked by members if we can provide hands-on training courses. Therefore, we spun up LETHAL Security to provide a cheap alternative solution. This posting is just an awareness post, to check out more details on the classes or register, you have to go to: http://securepla.net/training/.
Every want to learn how to bug bounty or hack web applications? Come to the world famous two day Web Hacking Basic/Advanced Course hosted by LETHAL Security on May 14/15 at the ISSA LA Summit in Santa Monica!
This training course was custom developed to put you right into the action and simulate real world web attacks. On day one of the course, you'll be hired to perform a penetration test against a BitCon Exchange. You'll go through the Hacker Playbook methodology to perform both basic and advanced attacks. On day two of the course, you'll focus on newer attacks and frameworks. In recent years, we have seen a number of new languages and frameworks such as NodeJS/Express. With these new technologies come both old and new vulnerabilities. You'll be tasked to attack a Node Chat Application and understand why you can't use generic attacks against these new frameworks.
This isn't your average web app course! We built the labs around what we are seeing as penetration testers and bug bounty hunters.
-May 14 - 15, 2019.
-Class: 9AM - 5PM
Perform and understand both common and advanced web attacks
Learn how bug bounty hunters perform quick and effective reconnaissance
Manually attack applications with and without the use of tools
Fuzz inputs for potential injection points
Find critical vulnerabilities in applications
Understand vulnerabilities in newer languages/frameworks such as NodeJS and Express
Day 1 - Primer
-Attacking XSS, Polyglots, and Blind XSS
-Cross-Site Request Forgery
-Insecure Direct Object Reference
-Local File Inclusions and Server Side Request Forgery
-Manual SQL Injections
-Remote Code Execute with Images
Day 2 - Advanced Attacks
-XML eXternal Entities (XXE) and OOB
-API Attacks and Vulnerabilities
Upon Completion of this training, attendees will know:
-How to perform a web application penetration test
-How to use proxy tools such as Burp Suite
-How to manually identify vulnerabilities
-How to become a bug bounty hunter
-How to protect your own web applications from attackers