Application Vulnerabilities and Attacks
This one-day (6 CPE*) course will describe, explain, and demonstrate some of the most widespread and critical application security flaws, such as “SQL Injection”, “Cross Site Scripting”, “Weak Session Management”, and others. Students will learn what each vulnerability is, why it is important, how to attack it, and how to reduce the risks associated with it.
This class accommodates any skill level:
- If you just want a refresher, or to learn the basics, this is for you.
- If you’re already familiar with application vulnerabilities, this will take you to the next level of understanding.
- If you’re already an application penetration tester, you can ignore the carefully developed course material and expert presentation and instead follow the “hidden challenges” path and hide away in your own little nerd-world to find and hack your way to glory and prizes.
Every student will receive:
- A unique adeptSec USB flash drive loaded with a customized operating system, a truly vulnerable application, and all the tools needed to successfully exploit it.
- Digital course materials
- A certificate of completion
- Activity Summary Form for claiming Continuing Professional Education (CPE*) credits
- Light breakfast and snack
- 2 hours of free golf and buffet dining (after class, 4:30-6:30)
Who Should Attend?
- Builders of applications
- Defenders of applications
- Those responsible for security of applications and data they touch
- Buyers/Users that rely on secure applications
Why?
Because you should know more about application security, what all the buzzwords mean, and how hackers break into your apps. Understanding how attackers find and exploit security flaws can result in:
- Better security built directly into your applications – Once you see how attackers approach an application, designing in defenses becomes second nature.
- Ability to find and mitigate security problems before they cause trouble – Knowing how to simulate the actions of an attacker gives you a real-world perspective on your apps and their security controls.
- Knowledge and information needed to better negotiate with service providers and application vendors – Being able to describe security issues and risks for your organization can result in more efficient expenditure of budgets and can also provide leverage to accelerate vendor software update cycles.
* Please check your specific requirements regarding continuing education credits to verify applicability of this class.
Vulnerabilities that will be highlighted include the Open Web Application Security Project (OWASP) Top 10. The OWASP community includes corporations, educational organizations, and individuals around the globe, and the Top 10 is a short and simple software security guideline which covers the vast majority of application security issues.
The following web application security issues will be covered:
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
This class will also teach you how to use a local web proxy, which is the most important tool employed by hackers to identify and exploit vulnerabilities in web applications. With this tool, you can view and modify all information sent and received by your web browser to and from web applications.
THE ULTIMATE VENUE FOR CYBERSECURITY TRAINING
Topgolf is the premier golf entertainment complex where the competition of sport meets your favorite local hangout. You can challenge your friends and family to addictive point-scoring golf games that anyone from the hopeful pro golfer to your neighbor’s 7-year-old kid can play year-round. Just picture a 240-yard outfield with dartboard-like targets in the ground. The closer to the center or “bull’s-eye” you get and the farther out you hit your microchipped balls, the more points you receive. Score even bigger with Topgolf’s extensive food and beverage menu that is sure to impress even the pickiest foodies.
Golf skills are definitely not required to have fun at Topgolf.
Their extensive food & drink menu, 200+ HDTVs and addictively fun games provide something for everyone!
Tuition includes a light breakfast, snacks, 2 hours of free golf, and a top-shelf buffet dining option after class.
20356 Commonwealth Center Dr. Ashburn, VA 20147 (703) 763-2020
A laptop that can boot to an external USB drive is highly recommended.
Golf clubs – Only if you want to. Topgolf provides complimentary clubs.
Golf Shoes – Only if you want to. Topgolf does not require golf shoes, so wear any shoes you’re comfortable golfing in.
Each student will receive a customized USB flash drive which contains an operating system, hacker tools, and a web application riddled with holes. Laptops that can boot to the USB flash drive will require no additional configuration or installation of software.
Laptops that cannot boot to USB can perform all attacks, but will need to have Java and a local web proxy installed. Installation packages for Java and a local web proxy will be available on the adeptSec USB flash drive.
Students with laptops will launch attacks to exploit common application vulnerabilities and gain unauthorized access. It is highly recommended that you bring a laptop, as actually hacking an app is the most effective way to retain what you learn or maintain your skills. It’s also fun.
Oh... and you should bring a laptop.
REFUNDS If you cannot attend, you may transfer your registration to someone else. If you do, please let us know. If you find that you cannot attend the class and you have no one to replace you, please submit your refund request in writing to registration@adeptsec.com. Students who wish to cancel and receive a refund for this class must submit a cancel/change/refund request by email to registration@adeptsec.com by 30 days prior to the date of the class. Cancellations less than 30 days prior to the date of the class are not refundable, but can be transferred.
SPECIAL REQUESTS If you have any special requests, please contact us at registration@adeptsec.com.
Adept Security Consulting is new, but our experience is vast. With over 20 years of experience in the information security field, our founder has performed hundreds of network and application penetration tests for government and commercial organizations.
Adept Security Consulting, LLC
P.O. Box 2025 Frederick, MD 21702
301-694-5599
information@adeptsec.com