  • QAAWHACKNSS-QA
  • Price on request

This class teaches the audience a wealth of hacking techniques to compromise modern-day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.

Attendees will also benefit from a state-of-the-art Hacklab during the course.

Some of the highlights of the class include:

  • Modern JWT, SAML, OAuth bugs
  • Core business logic issues
  • Practical cryptographic flaws
  • RCE via Serialization, Object, OGNL and template injection
  • Exploitation over DNS channels
  • Advanced SSRF, HPP, XXE and SQLi topics
  • Serverless exploits
  • Web Caching issues
  • Attack chaining and real life examples

Target Audience

  • Web developers
  • Intermediate level penetration testers
  • DevOps engineers, network engineers
  • Security researchers / analysts
  • Security architects
  • Security professionals & enthusiasts
  • Anyone who wants to take their skills to the next level

Users are also encouraged to familiarize themselves with Burp Suite (https://portswigger.net/burp/communitydownload) to get the most out of the class.

  • Perform security testing to identify and safely exploit complex web vulnerabilities that get missed by scanners and other automated tools – this can help you detect vulnerabilities and recommend patching accordingly
  • Design this testing around real-world attacker behaviour and tooling, making it relevant to the threats facing your organisation
  • Customise offensive tooling to generate tailored (rather than “out of the box”) payloads that lead to more advanced testing
  • Recommend measures to circumvent any conditions that could lead to the emergence of vulnerabilities
  • Understand the business impact of web vulnerabilities and articulate this to key stakeholders
  • Take on greater responsibility in the team and become an advocate of security in the wider business
