Last Call for your Web Application Security Training – Break all teh Web and enjoy it!

René Pfeiffer/ November 9, 2018/ Conference, Security

The Internet is full of web applications. Sysadmins used to joke that HTTP is short for Hypertext Tunnelling Protocol, because anything but web content is transported via HTTP these days. It's the best way to break out of a restricted environment, too. So the chances are good that you will need the skills for dealing with all kinds of web applications. Fortunately, our training Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation, conducted by Dawid Czagan, has a few seats left. Don't get distracted by the title. Focus on the phrase full-stack exploitation. It's not just about sending HTTP requests and seeing what the application does. It's all about using the full spectrum of components and technologies used for modern web applications.

The training is not only suited for information security researchers. The course addresses REST APIs, AngularJS-based application hacking, DOM-based exploitation, how to bypass the Content Security Policy of a web site, server-side request forgery, browser-dependent exploitation, all kinds of attacks against databases (SQL and NoSQL alike), exploiting type confusion vulnerabilities in code, exploiting race conditions, path-relative stylesheet import vulnerabilities, subdomain takeover, and more; just to name a few attack vectors. This is highly important for anyone doing software development. It is basically the "what can possibly go wrong?" version of a secure coding workshop. So you should not only think in terms of finding highly valuable bugs; instead, think of the training as quality assurance for your development team. Furthermore, Dawid will show you how to correctly use tools and techniques against your code.

The training is a hands-on experience. This means you will actually get to find bugs in software applications. Bring your own laptop. Dawid has conveniently compiled packages for you to install. You will be able to get right to the point of analysing security. Seats are still available in our ticket shop.

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.