[TRAINING] Web Hacking Basic/Advanced Course 4/25-4/26

*Please Note: Training is not part of the free General Body meetups. We are often asked by members if we can provide hands-on training courses. Therefore, we spun up LETHAL Security to provide a cheap alternative solution. This posting is just an awareness post, to check out more details on the classes or register, you have to go to: http://securepla.net/training/.

Hey Hackers,

Every want to learn how to bug bounty or hack web applications? Come to the world famous two day Web Hacking Basic/Advanced Course hosted by LETHAL Security on April 25 - 26 in Irvine CA.

This training course was custom developed to put you right into the action and simulate real world web attacks. On day one of the course, you'll be hired to perform a penetration test against a BitCon Exchange. You'll go through the Hacker Playbook methodology to perform both basic and advanced attacks. On day two of the course, you'll focus on newer attacks and frameworks. In recent years, we have seen a number of new languages and frameworks such as NodeJS/Express. With these new technologies come both old and new vulnerabilities. You'll be tasked to attack a Node Chat Application and understand why you can't use generic attacks against these new frameworks.

This isn't your average web app course! We built the labs around what we are seeing as penetration testers and bug bounty hunters.

Date/Time:
-April 25-26
-Class: 9AM - 5PM
-Cost: $500 (student and other discounts available. Contact peter@lethalsecurity).

To Register:
-https://www.universe.com/events/web-application-hacking-2-day-course-tickets-irvine-VM1T7B

Course Objectives:

Perform and understand both common and advanced web attacks
Learn how bug bounty hunters perform quick and effective reconnaissance
Manually attack applications with and without the use of tools
Fuzz inputs for potential injection points
Find critical vulnerabilities in applications
Understand vulnerabilities in newer languages/frameworks such as NodeJS and Express
Training Syllabus

Day 1 - Primer
-Recon/Spidering
-Attacking XSS, Polyglots, and Blind XSS
-Cross-Site Request Forgery
-Integer Underflows
-Insecure Direct Object Reference
-Local File Inclusions and Server Side Request Forgery
-Manual SQL Injections
-Remote Code Execute with Images

Day 2 - Advanced Attacks
-XML eXternal Entities (XXE) and OOB
-DOM XSS
-Deserialization Attacks
-NoSQL
-Template Injection
-Node.JS Attacks
-Cloud Issues
-API Attacks and Vulnerabilities

Upon Completion of this training, attendees will know:
-How to perform a web application penetration test
-How to use proxy tools such as Burp Suite
-How to manually identify vulnerabilities
-How to become a bug bounty hunter
-How to protect your own web applications from attackers