Assessing and Exploiting Web Applications with Samurai-WTF - Revision history

Achim at 21:17, 10 November 2014

2014-11-10T21:17:34Z

Achim: category OWASP/Training changed to OWASP Training

2014-11-10T21:17:11Z

category OWASP/Training changed to OWASP Training

Achim: category changed to OWASP/Training AppSec_DC_2010

2014-11-10T20:40:47Z

category changed to OWASP/Training AppSec_DC_2010

Achim: category changed to OWASP/Training AppSec_DC_2010

2014-11-10T20:36:52Z

category changed to OWASP/Training AppSec_DC_2010

Dallendoug: /* Instructor */ updated as per Justin's request

2010-09-27T01:41:56Z

‎Instructor: updated as per Justin's request

Dallendoug: /* Description */ updated at Justin's request

2010-09-27T01:41:15Z

‎Description: updated at Justin's request

Mark.bristow: Created page with 'NOTOC link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010 [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=…'

2010-09-22T21:33:05Z

Created page with '__NOTOC__ link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010 [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=…'

New page

__NOTOC__
[[Image:468x60-banner-2010.gif|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]

[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
<br>
==Description==
'''Course Length: 2 Days'''

This course focuses on using open source tools to perform web application assessments. The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (SamuraiWTF). After a quick overview of web app pentesting methodology, the instructor will lead attendees through the penetration and exploitation of three different web applications and the browsers connecting to them. Different sets of open source tools will be used on each web application to introduce a greater number of tools and allow each attendee to learn first hand the pros and cons of each tool. After attendees have gained experience with the SamuraiWTF tools, the instructor will unleash the class on a fourth web application, challenging the attendees to practice the skills they have gained and experiment with their favorite tools. The latest tools and techniques will be use throughout the course, including several tools developed by the trainers themselves.

==Student Requirements==
Students Need to Bring:
# Laptop with a functional DVD drive or the latest VMware Player, VMware Workstation, or VMware Server installed
# Ability to disable all security software on their laptop such as Antivirus and/or firewalls
# Four (4) GB of hard drive space
# At least two (2) GB of RAM

==Objectives==
Skill: Intermediate

# Attendees will be able to explain the steps and methodology used in performing web application assessments and penetration tests.
# Attendees will be able to use the open source tools on the Samurai-WTF CD to discover and identify vulnerabilities in web applications.
# Attendees will be able to exploit several client-side and server-side vulnerabilities.

==Instructor==
'''Instructor: Justin Searle''' Justin Searle, a Senior Security Analyst with InGuardians, specializing in the penetration testing of web applications, networks, and embedded devices. Justin currently leads the Smart Grid Security Architecture group of the CSWG (Cyber Security Work Group) for NIST (National Institute of Standards and Technologies) and is a member of ASAP-SG (Advanced Security Acceleration Project for the Smart Grid). Previously, Justin has served as JetBlue Airway’s IT Security Architect. Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities and corporations. Justin has presented at top security conferences including DEFCON, ToorCon, ShmooCon, and SANS. Justin co-leads prominent open source projects including the Samurai-WTF (Web Testing Framework…), Middler, Yokoso!, and Laudnum. Justin has an MBA in International Technology and is CISSP and SANS GIAC-certified in incident handling and hacker techniques (GCIH) and intrusion analysis (GCIA).

'''Instructor: Mike Poor''' Mike Poor is a founder and Senior Security Analyst with InGuardians. Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits and architecture reviews. His primary job focus however is in intrusion detection, response, and mitigation. Mike is an author and editor of the international best seller “Snort 2.1” book from Syngress, and is a Handler for the Internet Storm Center. Mike teaches Intrusion Detection for the SANS Institute and has supported Intrusion Detection and Incident Response teams for the military, and has worked for Sourcefire as a research engineer, and for the SANS Institute leading their Intrusion Analysis Team.

[[Category:AppSec_DC_2010_Training]] [[Category:Basic_Training]]] [[Category:Intermediate_Training]]]

← Older revision		Revision as of 21:17, 10 November 2014
Line 31:		Line 31:


−	[[Category:OWASP Training/AppSec_DC_2010]] [[Category:~~OWASPTraining~~/Basic]]	+	[[Category:OWASP Training/AppSec_DC_2010]] [[Category:OWASP Training/Basic]]

← Older revision		Revision as of 21:17, 10 November 2014
Line 31:		Line 31:


−	[[Category:OWASP/~~Training~~ AppSec_DC_2010]] [[Category:~~OWASP~~/~~Training~~ Basic]]	+	[[Category:OWASP Training/AppSec_DC_2010]] [[Category:OWASPTraining/Basic]]

← Older revision		Revision as of 20:40, 10 November 2014
Line 31:		Line 31:


−	[[Category:OWASP/Training AppSec_DC_2010]] [[Category:~~Basic_Training~~]]	+	[[Category:OWASP/Training AppSec_DC_2010]] [[Category:OWASP/Training Basic]]

← Older revision		Revision as of 20:36, 10 November 2014
Line 31:		Line 31:


−	[[Category:~~AppSec_DC_2010_Training~~]] [[Category:Basic_Training~~]]] [[Category:Intermediate_Training]~~]]	+	[[Category:OWASP/Training AppSec_DC_2010]] [[Category:Basic_Training]]

@@ Line 26: / Line 26: @@
 ==Instructor==
-'''Instructor: Justin Searle'''  Justin Searle, a Senior Security Analyst with InGuardians, specializing in the penetration testing of web applications, networks, and embedded devices.  Justin currently leads the Smart Grid Security Architecture group of the CSWG (Cyber Security Work Group) for NIST (National Institute of Standards and Technologies) and is a member of ASAP-SG (Advanced Security Acceleration Project for the Smart Grid).  Previously, Justin has served as JetBlue Airway’s IT Security Architect.  Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities and corporations.  Justin has presented at top security conferences including DEFCON, ToorCon, ShmooCon, and SANS.  Justin co-leads prominent open source projects including the Samurai-WTF (Web Testing Framework…), Middler, Yokoso!, and Laudnum.  Justin has an MBA in International Technology and is CISSP and SANS GIAC-certified in incident handling and hacker techniques (GCIH) and intrusion analysis (GCIA).
+'''Instructor: Justin Searle'''  Justin Searle, a Senior Security Analyst with InGuardians, specializing in the penetration testing of web applications, networks, and embedded devices.  Justin is an active member of ASAP-SG (Advanced Security Acceleration Project for the Smart Grid) and lead the Smart Grid Security Architecture group in the create of NIST Interagency Report 7628.  Previously, Justin served as JetBlue Airway’s IT Security Architect, and has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities and corporations.  Justin has presented at top security conferences including DEFCON, ToorCon, ShmooCon, and SANS.  Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudnum.  Justin has an MBA in International Technology and is CISSP and SANS GIAC-certified in incident handling and hacker techniques (GCIH) and intrusion analysis (GCIA).
 '''Instructor: Mike Poor''' Mike Poor is a founder and Senior Security Analyst with InGuardians.  Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits and architecture reviews.  His primary job focus however is in intrusion detection, response, and mitigation.  Mike is an author and editor of the international best seller “Snort 2.1” book from Syngress, and is a Handler for the Internet Storm Center.  Mike teaches Intrusion Detection for the SANS Institute and has supported Intrusion Detection and Incident Response teams for the military, and has worked for Sourcefire as a research engineer, and for the SANS Institute leading their Intrusion Analysis Team.

@@ Line 7: / Line 7: @@
 '''Course Length: 2 Days'''
-This course focuses on using open source tools to perform web application assessments.  The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (SamuraiWTF).  After a quick overview of web app pentesting methodology, the instructor will lead attendees through the penetration and exploitation of three different web applications and the browsers connecting to them.  Different sets of open source tools will be used on each web application to introduce a greater number of tools and allow each attendee to learn first hand the pros and cons of each tool.  After attendees have gained experience with the SamuraiWTF tools, the instructor will unleash the class on a fourth web application, challenging the attendees to practice the skills they have gained and experiment with their favorite tools.  The latest tools and techniques will be use throughout the course, including several tools developed by the trainers themselves.
+Come take the official Samurai-WTF training course given by one of the founders and lead developers of the project!  You will learn how to use the latest Samurai-WTF open source tools and the be shown the latest techniques to perform web application assessments.  After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of two different web applications, including client side attacks on the browsers connecting to those sites.  Different sets of open source tools will be used on each web application, allow you to learn first hand the pros and cons of each tool.  After you have gained experience with the Samurai-WTF tools, you will be challenged with a third web application.  This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools.  This experience will help you gain the confidence necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.
 ==Student Requirements==

Assessing and Exploiting Web Applications with Samurai-WTF - Revision history

Achim at 21:17, 10 November 2014

Achim: category OWASP/Training changed to OWASP Training

Achim: category changed to OWASP/Training AppSec_DC_2010

Achim: category changed to OWASP/Training AppSec_DC_2010

Dallendoug: /* Instructor */ updated as per Justin's request

Dallendoug: /* Description */ updated at Justin's request

Mark.bristow: Created page with '__NOTOC__ link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010 [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=…'

Mark.bristow: Created page with 'NOTOC link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010 [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=…'