One Week Left to Get an 11" iPad Pro, a Surface Go 2, or $300 Off with OnDemand Training

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Strut(s) your stuff.

  • Friday, October 13, 2017 at 3:30 PM EDT (2017-10-13 19:30:00 UTC)
  • Moses Hernandez

You can now attend the webcast using your mobile device!

  

Overview

Apache Struts, the framework, has been in the news repeatedly over the past months (and dare we say now years), most recently with the Equifax breach. It is a popular enterprise framework used by many companies, with many that struggle in keeping their frameworks updated and safe. We cover many of these frameworks and attacks in the SEC642 Advanced Web Application Penetration Testing course. The webcast will go over one of the more talked about Apache Struts vulnerability, how the exploit payload and code works and what it is designed to do. We will provide different ways of searching for these types of defects in software like java as well as a way for finding weather you have appropriately updated your own version of struts. If you are a red team member focused on web applications, or a blue team focused defender and which to see how these attacks work, we invite you to join us.

Speaker Bio

Moses Hernandez

Moses Hernandez is a seasoned security professional with over 15 years in the IT industry. He has held positions as a network engineer, network architect, security architect, platform engineer, site reliability engineer, and consulting sales engineer. He has a background in complex network systems, systems administration, forensics, penetration testing, and development. He has worked with some of the largest companies in the nation as well as fast-growing, bootstrap startups.

Moses has developed information security regimens safeguarding some of the most sensitive personal data in the nation. He creates custom security software to find and mitigate unknown threats, and works on continually evolving his penetration testing skills. He enjoys building software, networks, systems, and working with business-minded individuals.

Moses's current passions include offensive forensics, building secure systems, finance, economics, history, and music.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.