So you’ve popped some alert boxes, and understand the OWASP Top 10, but you’re looking to take your skills to the next level?
Advanced Web Application Penetration Testing
This training can range from several hours to a full week. An example agenda is given below.
- OSINT & Target Recon
- Burp Suite Tips and Tricks
- Obscure Burp functionality
- Advanced Burp Suite usage, such as session management and authorization testing
- Burp Enterprise
- Continuous Testing
- Advanced XSS
- Client-Side Template Injection
- Advanced Authentication Methods & Vulnerabilities
- OpenID Connect
- Optional: Open Bug Hunting
- XML External Entities (XXE)
- Exploiting Cloud Services (EC2, S3, etc.)
- Deserialization Vulnerabilities
- Exploiting Cryptographic Weakness
- Stream Ciphers
- Block Ciphers
- Padding Oracle Attacks
- Writing Burp Extensions
- Other Web Technologies
- HTTP 2 / HTTP 3
- HTTP Security Headers
Basic knowledge of HTTP requests and responses, and any web application programming experience will be helpful, but is not required.
We offer training at various conferences. If you know of conference we may be interested in, please let us know! Pricing for private training classes is generally $3000-$4000 per day. Please contact us to get an exact quote.
Please contact us if you are interested in us letting you know once a virtual or public class is scheduled.