Presented by Security Kaizen Labs | Nov 25 – Nov 28
Course Code: PEN502
- Additional Information
- Reviews (0)
Come take the official Samurai-WTF (Web Testing Framework) training course given by one of the founders and lead developers of the project! You will learn the latest Samurai-WTF open source tools and the latest manual techniques to perform an end-to-end penetration test. After a quick overview of pen testing methodology, the instructor will lead you through the process of testing and exploiting web applications, including client side attacks using flaws within the application. We’ll introduce you to the best open source tools currently available, and teach you how these tools integrate with the manual testing techniques. One of the major goals in this course is teaching you the glue that keeps all these techniques and tools together to successfully perform a pentest from beginning to end, which is overlooked in most web pentesting courses.
The majority of the course will be performing an instructor lead, hands-on penetration test. We don’t give you a list of overly simplistic steps to go and do in the corner. Instead, at each stage of the test we present the goals that each testing task is to accomplish and perform pentest along with you on the projector while you are doing it on your own machine. Primary emphasis of these instructor lead exercises is how to integrate these tools into your own manual testing procedures to improve your overall workflow. At the end of course, you will be challenged with a capture the flag event to apply your new skills and knowledge. We will also send you home with several additional vulnerable web apps to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.
Dubai – Accommodation: Included
|Who Should Attend?||
Pen Testers – Security Auditors – Web Developers – IT Security Professionals – Site Security Officers – System and network administrators – Anyone interested in Web Security
A basic understanding of web application vulnerabilities and attacks is assumed. This course will focus on use of the tools and their integration into your manual testing procedures, not the theories behind the attacks. This course is designed for novice to intermediate level security professionals, be they developers, managers, or penetration testers.
|What to bring?||
Your own laptop with the Latest VMware Player, VMware Workstation, VWware Fusion installed. Other virtualization software such as Parallels or VirtualBox will probably work if the attendee is familiar with its functionality, however VMware Player should be prepared as a backup just in case.The Preferred VM ( Virtual Box) – Ability to disable all security software on their laptop such as Antivirus and/or firewalls – At least twenty (20) GB of hard drive space – At least four (4) GB of RAM
|About Justin Searle||
Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG). He currently leads the testing group at the National Electric Sector Cybersecurity Organization Resources (NESCOR). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences. Mr. Searle is currently a certified instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, Nullcon, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).