Difference between revisions of "AppSecLatam2012/Training/Hands On Web Application Testing"

From OWASP
Jump to: navigation, search
(Created page with "=AppSec Latam 2012 Training: Advanced Vulnerability Research and Exploit Development= '''Course Length: 2 Day'''<br> Training Audience: Technical, Developers<br> Required Skil...")
 
 
Line 8: Line 8:
 
The goal of the training session is to teach students how to identify, test, and exploit web application vulnerabilities.  The creator and project lead of the OWASP Live CD, now recoined OWASP  WTE, will be the instructor for this course and WTE will be a major component of the class. Through lecture, demonstrations, and hands on labs, the session will cover the critical areas of web application security testing using the OWASP Testing Guide v3 as the framework and a custom version of OWASP WTE as the platform.  Students will be introduced to a number of open source web security testing tools and provided with hands on labs to sharpen their skills and reinforce what they’ve learned.  Students will also receive a complementary DVD containing the custom WTE training lab, a copy of the OWASP Testing Guide, handouts and cheat-sheets to use while testing plus several additional OWASP references.  Demonstrations and labs will cover both common and esoteric web vulnerabilities and includes topics such as Cross-Site Scripting (XSS), SQL injection, CSRF and Ajax vulnerabilities.  Students are encouraged to continue to use and share the custom WTE lab after the class to further hone their testing skills.
 
The goal of the training session is to teach students how to identify, test, and exploit web application vulnerabilities.  The creator and project lead of the OWASP Live CD, now recoined OWASP  WTE, will be the instructor for this course and WTE will be a major component of the class. Through lecture, demonstrations, and hands on labs, the session will cover the critical areas of web application security testing using the OWASP Testing Guide v3 as the framework and a custom version of OWASP WTE as the platform.  Students will be introduced to a number of open source web security testing tools and provided with hands on labs to sharpen their skills and reinforce what they’ve learned.  Students will also receive a complementary DVD containing the custom WTE training lab, a copy of the OWASP Testing Guide, handouts and cheat-sheets to use while testing plus several additional OWASP references.  Demonstrations and labs will cover both common and esoteric web vulnerabilities and includes topics such as Cross-Site Scripting (XSS), SQL injection, CSRF and Ajax vulnerabilities.  Students are encouraged to continue to use and share the custom WTE lab after the class to further hone their testing skills.
  
 +
'''[https://www.owasp.org/images/5/54/Hands-on-web-application-tessting_course-info.pdf PDF with Detailed Course Information]'''
  
  

Latest revision as of 21:10, 3 October 2012

AppSec Latam 2012 Training: Advanced Vulnerability Research and Exploit Development

Course Length: 2 Day
Training Audience: Technical, Developers
Required Skill Level: Intermediate


Course Description

The goal of the training session is to teach students how to identify, test, and exploit web application vulnerabilities. The creator and project lead of the OWASP Live CD, now recoined OWASP WTE, will be the instructor for this course and WTE will be a major component of the class. Through lecture, demonstrations, and hands on labs, the session will cover the critical areas of web application security testing using the OWASP Testing Guide v3 as the framework and a custom version of OWASP WTE as the platform. Students will be introduced to a number of open source web security testing tools and provided with hands on labs to sharpen their skills and reinforce what they’ve learned. Students will also receive a complementary DVD containing the custom WTE training lab, a copy of the OWASP Testing Guide, handouts and cheat-sheets to use while testing plus several additional OWASP references. Demonstrations and labs will cover both common and esoteric web vulnerabilities and includes topics such as Cross-Site Scripting (XSS), SQL injection, CSRF and Ajax vulnerabilities. Students are encouraged to continue to use and share the custom WTE lab after the class to further hone their testing skills.

PDF with Detailed Course Information


Instructor Bio

Instructor: Matt Tesauro

Matt Tesauro has worked in web application development and security since 2000. He has worn many different hats, from developer to DBA to System Administrator to Penetration Tester. Matt also taught graduate and undergraduate classes on web application development and XML at Texas A&M University. Currently, he's focused on application security risk assessments at Praetorian. Outside work, he is the project lead for the OWASP Live CD / WTE, a member of the OWASP Foundation board, and part of the Austin OWASP chapter leadership. Matt Tesauro has a B.S. in Economics and a M.S in Management Information Systems from Texas A&M University. He is also has the CISSP, CEH (Certified Ethical Hacker), RHCE (Red Hat Certified Engineer), and Linux+ certifications.