Sec542: Web Application Penetration Testing

 

SANS Mentor Program

Mentor is SANS' program for learning our courseware in ten weekly classroom sessions right in your home town. Mentor gives you time to absorb and master the same material commonly taught at SANS six-day conferences, with the guidance of a trained network security professional. For more information on the SANS Mentor program, go to http://www.sans.org/mentor/about.php

SANS makes every effort to help you obtain certification.

March 12th, 2014

SANS Comes to Burnaby, BC

Register Today!

To Register or Get Additional Information on this course:

www.sans.org/mentor/class/sec542-burnaby-12mar2014-david-klassen

Course Location: Burnaby, BC, Canada

Group Discounts:

SANS Mentor Program is pleased to offer two (2) or more Students who work at the same organization a Group Discount tuition fee. To obtain the Group Discount fee and Registration Code offered for this course, contact mentor@sans.org PRIOR to registering.

Mentor bio:

I started my career in security, testing the Public Key Infrastructure (PKI) applications used to create SSL trust relationships. SSL provided a NIST/FIPS-certified answer to securing communications; however, given PKI was defensive by design, we did not focus much of our time thinking the same way an attacker might. Later I completed a degree to both comprehend secure design and understand the attacker method. Eventually I decided I liked designing software more than attacking it, so I took on roles as a software developer. Today I help companies understand the implications of security defects in their software, and how to find the defects before they get deployed to their production systems, endangering both their clients and their own employees. Prevention is by far a much harder task than detection, and that is why we are able to make this course so much fun!

Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited Web sites altered by attackers. In this intermediate to advanced level class, you'll learn the art of exploiting Web applications so you can find flaws in your enterprise's Web apps before the bad guys do. Through detailed, hands-on exercises and training from a seasoned professional, you will be taught the four-step process for Web application penetration testing. You will inject SQL into back-end databases, learning how attackers exfiltrate sensitive data. You will utilize cross-site scripting attacks to dominate a target infrastructure in our unique hands-on laboratory environment. And you will explore various other Web app vulnerabilities in-depth with tried-and-true techniques for finding them using a structured testing regimen. You will learn the tools and methods of the attacker, so that you can be a powerful defender.

 

Throughout the class, you will learn the context behind the attacks so that you intuitively understand the real-life applications of our exploitation. In the end, you will be able to assess your own organization's Web applications to find some of the most common and damaging Web application vulnerabilities today. By knowing your enemy, you can defeat your enemy.

The SANS Web App Penetration Testing and Ethical Hacking course will run for 10 weeks and is divided into five sections:

 

SANS and GIAC Certification Overview:

· Web App Penetration Testing and Ethical Hacking I: The Attacker's View of the Web
· Web App Penetration Testing and Ethical Hacking II: Reconnaissance and Mapping
· Web App Penetration Testing and Ethical Hacking III: Server-Side Discovery
· Web App Penetration Testing and Ethical Hacking IV: Client-Side Discovery
· Web App Penetration Testing and Ethical Hacking V: Exploitation

This comprehensive course is particularly well suited to security professionals and software engineers who want to fill the gaps in their understanding of the technical aspects of web security, to professionals who want to prove web application vulnerabilities with actual exploitation rather than simple scan results, and to anyone who wants to prove their applications secure. Sec542 will prepare you for the GIAC Web Application Penetration Tester (GWAPT) certification.