Scribd Logo
Carica

Benvenuto in Scribd!

  • Bwapp Training

    Caricato da

    Sandra M Martinez L
    657 visualizzazioni27 pagine
    Advance Web application security training

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    Advance Web application security training

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    657 visualizzazioni27 pagine

    Bwapp Training

    Caricato da

    Sandra M Martinez L
    Advance Web application security training

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 27

    Attacking & Defending Web Apps with bWAPP

    MME | IT Audits & Security


    2013 MME BVBA, all rights reserved.

    bWAPP training
    2-day comprehensive web security course Focus on attack and defense techniques

    Performed on the famous bWAPP platform


    bWAPP, or a buggy web application Deliberately insecure

    Build to better secure web apps


    Includes all OWASP Top 10 vulns

    2013 MME BVBA, all rights reserved.

    bWAPP training

    2013 MME BVBA, all rights reserved.

    bWAPP training
    You will learn how to:
    Detect vulnerabilities

    Exploit vulnerabilities
    Audit web applications Secure web and database servers

    2013 MME BVBA, all rights reserved.

    bWAPP training

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Introduction to Web Apps

    Penetration Testing
    Reconnaissance Vulnerabilities & Exploitation

    Web Vulnerability Detection


    Writing Secure Code Web & Database Server Hardening

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Introduction to Web Apps

    Penetration Testing
    Reconnaissance Vulnerabilities & Exploitation

    Web Vulnerability Detection


    Writing Secure Code Web & Database Server Hardening

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Introduction to Web Apps
    bWAPP and bee-box HTTP/HTTPS Basics Building Web Applications Web 2.0
    (HTML, JavaScript, PHP, ASP,...)

    Cross-Origin Resource Sharing


    Database Technologies Hacktivism and Web Attacks

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Introduction to Web Apps

    Penetration Testing
    Reconnaissance Vulnerabilities & Exploitation

    Web Vulnerability Detection


    Writing Secure Code Web & Database Server Hardening

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Penetration Testing
    Web Application Penetration Testing Black-Box and White-Box Testing Penetration Testing Distributions Introduction to Kali Linux
    (formerly BackTrack)

    Testing Methodologies
    Open Web Application Security Project (OWASP) Writing Reports

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Introduction to Web Apps

    Penetration Testing
    Reconnaissance Vulnerabilities & Exploitation

    Web Vulnerability Detection


    Writing Secure Code Web & Database Server Hardening

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Reconnaissance
    Browser Add-ons Crawling and Bruteforcing Web Server Scanners Intermediate Proxies

    Information Disclosures

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Introduction to Web Apps

    Penetration Testing
    Reconnaissance Vulnerabilities & Exploitation

    Advanced Vulnerability Detection


    Writing Secure Code Web & Database Server Hardening

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Vulnerabilities & Exploitation
    Injections
    (HTML, Cmd, SQL, Blind SQL, JSON, XML/XPath,...)

    Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Session & Authentication Issues

    Client Side Attacks


    Denial-of-Service (DoS) Local Privilege Escalations

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Vulnerabilities & Exploitation
    HTTP Parameter Pollution and Response Splitting File Inclusions (LFI/RFI) Malicious File Uploads Cross-Domain Attacks
    (~ webshells)

    ClickJacking & HTML5 Web Storage Issues


    Parameter Tampering Cryptographic Attacks

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Introduction to Web Apps

    Penetration Testing
    Reconnaissance Vulnerabilities & Exploitation

    Web Vulnerability Detection


    Writing Secure Code Web & Database Server Hardening

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Web Vulnerability Detection
    Intermediate Proxies Open Source Assessment Tools Commercial Vulnerability Scanners Source Code Analysis Tools

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Introduction to Web Apps

    Penetration Testing
    Reconnaissance Vulnerabilities & Exploitation

    Web Vulnerability Detection


    Writing Secure Code Web & Database Server Hardening

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Writing Secure Code
    Input Validations Stored Procedures Prepared Statements Additional Defenses

    OWASP Developer Guide

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Introduction to Web Apps

    Penetration Testing
    Reconnaissance Vulnerabilities & Exploitation

    Web Vulnerability Detection


    Writing Secure Code Web & Database Server Hardening

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Course Content
    Web & Database Server Hardening
    Apache and IIS Security MySQL and MS SQL Security High Availability Techniques Intrusion Detection and Prevention

    Web Application Firewalls (WAFs)

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Audience
    System engineers, web programmers, geeks and all other InfoSec enthusiasts are welcome! This is a hardcore InfoSec training

    2013 MME BVBA, all rights reserved.

    bWAPP training
    After attending the course you will be able to
    Detect vulnerabilities in web apps

    Audit, pentest (and hack) web apps


    Protect web apps from modern attacks Harden web servers and databases

    Optimize source code


    My revenge will be sweet...

    2013 MME BVBA, all rights reserved.

    bWAPP training
    When & Where
    This course is on demand, at your location

    2-day training
    Schedule
    09u00 - 13u00 : training part 1 13u00 - 14u00 : break 14u00 - 17u00 : training part 2

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Prices
    1110 EUR/student

    Special prices for groups


    Included
    Course materials Software Certificate

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Requirements
    Laptop with at least 2GB RAM and 20GB free disk space

    VMware Player, Workstation or Fusion


    Programming knowledge not required Interest in InfoSec

    Subscriptions possible from here

    2013 MME BVBA, all rights reserved.

    bWAPP training
    Trainer: Malik Mesellem
    Email LinkedIn Twitter Blog | | | |
    malik@mmeit.be be.linkedin.com/in/malikmesellem twitter.com/MME_IT itsecgames.blogspot.com

    2013 MME BVBA, all rights reserved.

    Potrebbero piacerti anche