OWASP AppSec DC 2012/Training/Assessing and Exploiting Web Applications with Samurai-WTF

Revision as of 20:39, 17 January 2012 by Mark.bristow (talk | contribs) (Created page with "__NOTOC__ {{:OWASP AppSec DC 2012 Header}} ==Description== '''Course Length: 2 Day''' Come take the official Samurai-WTF training course given by the two founders and lead de...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org


Course Length: 2 Day

Come take the official Samurai-WTF training course given by the two founders and lead developers of the project! You will learn the latest Samurai-WTF open source tools and as well as the latest techniques to perform web application penetration tests. After a quick overview of pen testing methodology, the instructors will lead you through the penetration and exploitation of various web applications, including client side attacks using flaws within the application. Different sets of open source tools will be used on each web application, allowing you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a capture the flag event. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.

Student Requirements

Laptop Required: Students Need to Bring: Nerf guns, assuming they make their return this year.  ;-)


Audience: Management, Technical, Operations Skill Level: Basic

1. Attendees will be able to explain the steps and methodology used in performing web application assessments and penetration tests.
2. Attendees will be able to use the open source tools on the Samurai-WTF CD to discover and identify vulnerabilities in web applications.
3. Attendees will be able to exploit several client-side and server-side vulnerabilities.


Justin Searle & Kevin Johnson

Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors


Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png


link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg