Know your enemy – reconnaissance, enumeration and landscape discovery.
There’s a web application for most parts of our Internet lives and, to a degree, our daily lives. With such a large attack surface, there’s no doubt that web applications are often the entry point for breaches. If you look at some of the biggest hacks in the last 18 months, the compromises can be largely attributed to flaws in web applications.
The course focuses on the fundamentals rather than how to use specific tools. It introduces you, the student, to our hacking methodology, refined over thousands of assessments conducted over the last 14 years.
SensePost Training Portal
We've developed a training portal for students to interact with the trainers, keep updated on content and download all files, slides and tools delivered during the course. This portal remains available to all students, even when the course has finished. In addition, we've moved our training infrastructure into our own cloud, which means students get their own individual environments to test against, making use of VPNs and numerous targets. This gives a fully immersive experience of attacking real-world architecture and networks.
Breaking bad – the application series
SQLi/XML/XPath/LDAP/RFI/DOM: this industry loves acronyms. From the start we cut through the acronym soup and serve up plain and simple approaches to understanding how applications are built and where vulnerabilities are introduced. This is hands-on learning, not just listening.
It's important to align with industry standards, and this course follows both the OWASP Top 10 and the OWASP Application Security Verification Standard (ASVS).
Burp Suite Training Partner
A good testing tool is paramount to ensuring an application assessment delivers results. At SensePost, we've been fans of Burp Suite for years, using it on all of our assessments. As a Burp Suite Training Partner, this course will include a 30-day version of Burp Suite Pro so that students attending this course learn how to get the best out of the suite and discover web application flaws efficiently.