Attacking & Defending Web Apps with bWAPP

Overview

This is a 2 day advanced web security course for system engineers, developers, and security enthusiasts who want to learn to assess web applications and web servers. The focus here is on both attacking and defending techniques. All the exercises are performed on our famous bWAPP web security testing framework.

Students will detect and exploit web vulnerabilities like SQL and HTML injections, authentication and session issues, XSS, CSRF, file inclusions, Heartbleed, Shellshock, Drupageddon, POODLE, ClickJacking, etc. Detection and exploitation are done using manual procedures as well as using open source tools and commercial web scanners!

Objectives

At the end of this training course, the students should be able to assess web applications and web servers for security vulnerabilities. In addition, the students should be able to harden web servers, identify insecure code, and to write a false-positive free audit report.

We focus on methodologies and procedures, and not only on the software tools. This approach, in combination with our realistic hands-on labs, separates MME's courses from others!
 

Topics

  • Introduction to Web Applications
  • Pentesting and Methodologies
  • OWASP and the Top 10 Risks
  • Writing User-Friendly Reports
  • Active/Passive Reconnaissance
  • Vulnerabilities and Exploitation
  • Post-Exploitation and Webshells
  • Local Privilege Escalations
  • Advanced Vulnerability Detection
  • Intercepting Proxies
  • Web Application Scanners
  • Writing Secure Code
  • Web Server Hardening
  • Web Application Firewalls

Requirements

  • Own laptop is required (!)
    • Windows, Mac OS X, or Linux
    • Administrator privileges
    • Ethernet and USB interface
    • Ability to disable AV and IPS
    • VMware Player/Fusion installed
  • Strong interest in web security
  • No programming knowledge required

More info

This training is on demand, and only organized in Belgium. To request a price quote or for more info,
please fill out the form below.

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
12 + 5 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.