Web Application Testing Workshop

Cover6 Solutions has a passion for teaching and a love for information security; we strive to provide premium training without the premium cost.


About the Training

Join us on Saturday, October 5th, 2019 for a full day of happy hacking joy, where you will be learning by doing hands-on labs and attacking. A smile will spread across your face as you explore weaknesses in IT systems, applications and web apps, IoT devices, protocols and ICS/SCADA systems. If the ever-connected world gives you vulnerable targets, hack all the things. The focus will be the OWASP Top Ten, covering a variety of different types of vulnerabilities from a hacker perspective and moving beyond the white hat tester mentality.

What will we be discussing?

  • Threat modeling underground economies and markets where intellectual property and data are sold.
  • Discussing the reality of the economic consequences of exploitable technology from terrorism to cyber warfare.
  • Who knew software vulnerabilities could lead to some crazy nation on nation shi*t? You'll learn how to find some serious issues and exploit that code so hard the original developer or vendor will feel it.

What will we be doing?

You’ll jump right in and learn with a customized Kali pen testing operating system.

You'll be using OWASP ZAP, BeEF, Metasploit, Nmap, Recon NG, Nessus, Nikto, Maltego, Shodan, Censys, alternative search engines, OSINT, SpiderFoot and metadata tools.

You'll be finding exploitable systems, scanning, sniffing for credentials, XSS reflected and stored attacks, attacking browsers via JavaScript, SQL injection, CSRF, data leaks, replay attacks, exploiting vulnerable operating systems, applications, websites, embedded systems, and critical infrastructure ICS/SCADA.

You'll also learn:

  • How attackers cover their tracks and take advantage of insufficient logging and monitoring
  • How attackers discover then pivot from one weak system to another, burrowing deep into an organization to steal intellectual property, data or anything of juicy value

Required Materials
Attendees must bring a curious mind and some technology. Caution: using a Windows 10 host operating system can sometimes be problematic due to various auto-protection mechanisms put in place by Microsoft. Mac/Apple operating systems can be used as a host, but try to use the VMware Fusion 64-bit version.

  • Laptop with administrative privileges and 8 GB of RAM with 100 GB hard disk free
  • Installation of VMware Player or Fusion
  • Network connection: RJ45 (a USB-to-RJ45 adapter is fine)
  • API keys and accounts set up in advance for the course
  • Bring your own hoodie

Agenda

  • Course & Attendee Intro
  • Lab Machine Setup
  • Hacker/Pentester/Nation-State Mentalities
  • OWASP Top 10
  • Recon - Intro to Methodology
  • OSINT Tool Setup (OWASP ZAP, Metasploit, Nmap, SpiderFoot, Nikto, Maltego etc.)
  • Recon - Hands-on Passive OSINT
  • Recon - Hands-on Active OSINT
  • OWASP #1 Injections
  • OWASP #2 Broken Authentication
  • OWASP #3 Sensitive Data Disclosure
  • OWASP #4 Security Misconfiguration

About the Instructor


Christina Kubecka
Founder & CEO
HypaSec

Chris is the Founder and CEO of HypaSec. Previously, Chris headed the Information Protection Group, network operations, security operations and joint-international intelligence team for the Aramco family, helping Aramco recover from a nation-state attack, implement digital security and reconnect international business operations. Chris was responsible for all digital IT and ICS assets throughout the EMEA region (minus KSA) and Latin America, and subsequently established and assisted global digital security teams, standards, security-driven legal contracts for secure software development with third parties, the Aramco EU/UK Privacy group with internal and external counsel, and computer emergency response teams.

Chris has practical and strategic hands-on experience in several cyber warfare incidents: with USAF Space Command, detecting and helping to halt the July 2009 Second Wave attacks from the DPRK against South Korea, and helping to recover and reestablish international business operations after the world’s most devastating cyber warfare attack, Shamoon, in 2012. Chris is an expert advisor and panelist for several governments and parliaments, the author of several books, an offensive security trainer, a digital security course creator, and a recognized expert in several digital security fields including the IT/IoT/ICS SCADA space, maritime, aviation, oil & gas, electric, water and nuclear.
