LETHAL Security Training - Web Hacking Basic/Advanced Course May 14/15 @ ISSA

This is a past event

Location image of event venue


*Please Note: Training is not part of the free General Body meetups. We are often asked by members if we can provide hands-on training courses. Therefore, we spun up LETHAL Security to provide a cheap alternative solution. This posting is just an awareness post, to check out more details on the classes or register, you have to go to: http://securepla.net/training/.

Hey Hackers,

Every want to learn how to bug bounty or hack web applications? Come to the world famous two day Web Hacking Basic/Advanced Course hosted by LETHAL Security on May 14/15 at the ISSA LA Summit in Santa Monica!

This training course was custom developed to put you right into the action and simulate real world web attacks. On day one of the course, you'll be hired to perform a penetration test against a BitCon Exchange. You'll go through the Hacker Playbook methodology to perform both basic and advanced attacks. On day two of the course, you'll focus on newer attacks and frameworks. In recent years, we have seen a number of new languages and frameworks such as NodeJS/Express. With these new technologies come both old and new vulnerabilities. You'll be tasked to attack a Node Chat Application and understand why you can't use generic attacks against these new frameworks.

This isn't your average web app course! We built the labs around what we are seeing as penetration testers and bug bounty hunters.

-May 14 - 15, 2019.
-Class: 9AM - 5PM

To Register:

Course Objectives:

Perform and understand both common and advanced web attacks
Learn how bug bounty hunters perform quick and effective reconnaissance
Manually attack applications with and without the use of tools
Fuzz inputs for potential injection points
Find critical vulnerabilities in applications
Understand vulnerabilities in newer languages/frameworks such as NodeJS and Express
Training Syllabus

Day 1 - Primer
-Attacking XSS, Polyglots, and Blind XSS
-Cross-Site Request Forgery
-Integer Underflows
-Insecure Direct Object Reference
-Local File Inclusions and Server Side Request Forgery
-Manual SQL Injections
-Remote Code Execute with Images

Day 2 - Advanced Attacks
-XML eXternal Entities (XXE) and OOB
-Deserialization Attacks
-Template Injection
-Node.JS Attacks
-Cloud Issues
-API Attacks and Vulnerabilities

Upon Completion of this training, attendees will know:
-How to perform a web application penetration test
-How to use proxy tools such as Burp Suite
-How to manually identify vulnerabilities
-How to become a bug bounty hunter
-How to protect your own web applications from attackers

To Register:

Attendees (1)

Go to Attendee List