This seminar is aimed at penetration testers who already have some relevant experience in the security analysis of web applications.
The participants will be able to identify even more complex vulnerabilities (Second Order, Out-of-Band etc.) and use their tools much more effectively in their daily work.
Tools for testing web applications are discussed in detail, with Burp presented extensively as the central test tool. For this, each participant needs an operating system with a modern web browser. If a participant does not yet have a Burp Professional license, an individual training license can be provided for the duration of the course.
The training includes a variety of practical exercises for which our convenient mobile training environment is used. The participants learn to understand the vulnerabilities by solving tasks at different difficulty levels before discussing them in the group.
The participants are encouraged to use their own laptop with their own preferred working environment and don’t have to adapt to the training environment. The use of a suitable pentest environment, such as Kali Linux or BlackArch, is recommended but not required.
All contents can be adapted specifically to your needs!
- HTTP, DNS
- Burp (usage, session management, macros, write your own extensions)
- CSRF in modern web applications
- CORS, JSONP, web sockets
- XSS exploitation
- DOM-based XSS, blind XSS
- Local file inclusion exploitation
- Blind SQLi
- XPath, LDAP
- Insecure object deserialization
- NoSQL injection
- XXE, XSLT
2 to 4 days or individually configured
Dr. Benjamin Kellermann
Experienced penetration tester and IT security consultant
Security consultant and head of the penetration test team