
This webcast has been archived.

Introduction to enterprise vulnerability assessment; finding Struts

  • Tuesday, June 12, 2018 at 10:30 AM EST (2018-06-12 14:30:00 UTC)
  • Adrien de Beaupré


Overview

This is an introduction to SANS SEC460, Enterprise Threat and Vulnerability Assessment, focusing on web application testing. It is a story about how a vulnerability in a framework could lead to web application compromise. We will discuss how a remote code execution vulnerability led to the Equifax data breach. If there is an exploitable condition in a component that your application relies on, you could be in trouble. A properly performed security assessment can help you identify these issues and describe the risk associated with them. The Struts 2 framework implemented poor input validation in an API call, which meant that any and all applications based on that framework were vulnerable. A live demo of identifying the vulnerability will be performed during the session.

 

Adrien de Beaupré is the co-author of the brand new course, SEC460, Enterprise Threat and Vulnerability Assessment.

Speaker Bio

Adrien de Beaupré

Adrien de Beaupré is a Principal SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes course development, technical instruction, vulnerability assessment, and penetration testing. He is a member of the SANS Internet Storm Center (isc.sans.edu) and is actively involved with the information security community.
