Global Information Assurance Certification
Provided more depth on available tools than any other conference!
-Eric Moriak, Flowserve
Developer 538
Web Application Pen Testing Hands-On Immersion
6 CPE Credits Per Day
In the first half of 2008, five million Web sites were compromised by automated SQL injection attacks. The hackers' goal was to inject links to malicious content in order to infect the users of the Web application. These automated attacks do not show any sign of stopping and will likely visit your Web applications in the near future. Don't want to be a part of the statistics? Performing runtime testing is essential to making your Web site secure. Developer 538 is a two-day course focusing on up-to-date, hands-on testing of Web application security.
This fast-paced course is ideal for students who have a basic understanding of Web application security vulnerabilities and testing methodologies and are looking to refresh and upgrade their skill set in pen testing Web applications. It is also well suited to infrastructure pen testers who are expanding testing scope to Web applications. If you are going to be testing Web applications in the next few months, this course will help you brush up on your Web application security testing knowledge. Whatever your level is, it will give you confidence to know that you have the hands-on experience to perform testing against common vulnerabilities.
This action-packed, two-day course has a strong, hands-on focus -- exercises are designed to give you experience with real-world vulnerabilities. Throughout the two days, you will be using various testing concepts to test vulnerable Web applications. The target applications are as realistic as possible. The labs are structured so both novices and intermediate students can enjoy the learning experience.
- Who should attend
  - Infrastructure penetration testers who are trying to expand into pen testing Web applications
  - Developers who are interested in testing their applications against common vulnerabilities
  - QA testers who are responsible for testing security vulnerabilities in applications
  - Information security professionals with some background in hacker exploits
- Sampling of exercises
  - Web Fingerprinting
  - Input Manipulation
  - Blind SQL Injection
  - Non-obvious Session Issues
  - Brute Forcing Credentials
  - Cross-Site Scripting
  - Code Review
I learned more here in six days than I could in a year in terms of breadth of knowledge.
-Stephen Yuhas, TESSCO Technologies
Author Statement
"As Web attacks are getting more common in the wild, it is essential for professionals related to the software development lifecycle to learn how to test their applications. Many of the Web application vulnerabilities being exploited are easily discovered by penetration testing against the application. Having tested hundreds of applications for security vulnerabilities, I am hoping to pass on what I have learned to the students. Attendees will learn to test real-world applications for vulnerabilities. The goal is to learn through in-class exercises, which are designed to walk students through the steps of discovering and exploiting vulnerabilities. Through such practice, I am hoping students can gain confidence in finding vulnerabilities in the applications they test."
- Jason Lam, Course Instructor and Author