Penetration Testing - Advanced Web Application Security / Mastering Burp Suite

This seminar is aimed at penetration testers who already have some relevant experience in the security analysis of web applications.

The professional edition of the Burp Suite tool is presented in detail.

The participants will be able to identify even more complex vulnerabilities (Second Order, Out-of-Band etc.) and use their tools much more effectively in their daily work.

Tools for testing web applications are discussed in detail. As a central test tool Burp is extensively presented.

Each participant receives his own Burp Suite Professional license for the duration of the training.

The training includes a variety of practical exercises for which our convenient mobile training environment is used. The participants learn to understand the vulnerabilities by solving tasks at different difficulty levels before discussing them in the group.

The participants are encouraged to use their own laptop with their own preferred working environment and don’t have to adapt to the training environment. The use of a suitable pentest environment, such as Kali Linux or Blackarch, is recommended but not required.

All contents can be adapted specifically to your needs!

Content

  • HTTP, DNS
  • Burp (usage, session management, macros, write your own extensions)
  • CSRF in modern web applications
  • CORS, JSONP, web sockets
  • XSS exploitation
  • Dom based XSS, blind XSS
  • Local file inclusion exploitation
  • Blind SQLi
  • XPATH, LDAP
  • Insecure bbject deserialization
  • NoSQL injection
  • SSRF
  • XXE, XSLT

Target Audience

  • Pentester

Duration

2 to 4 days or individually configured

Prerequisites

Penetration Testing – Web Application Security,
Best Practices für sichere Webanwendungen
oder similar level of knowledge

Trainer

Web Application Security for ExpertsDr. Benjamin Kellermann
Experienced penetration tester and IT security consultant
Web Application Security for ExpertsMaximiliane Zirm
Security consultant and head of the penetration test team

Our training courses are aimed at companies and organisations. A training course can be economical with just three or more participants. The trainings take place at your premises or is organised by us in your desired environment.

You might also be interested in these trainings:

all trainings
Mirko Richter

Your Contact:

Mirko Richter

Tel.: +49 (351) 465 662-886
mirko.richter@mgm-sp.com

Wenn Sie auf der Seite weitersurfen, stimmen Sie der Cookie-Nutzung zu.
If you continue to visit the site, you agree to the use of cookies.
Privacy Policy / Cookie Policy

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close