Online Training Special Offer! Get an iPad Mini, Surface Go, or $300 Off thru Oct 2!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Strut(s) your stuff.

  • Friday, October 13th, 2017 at 3:30 PM EDT (19:30:00 UTC)
  • Moses Hernandez
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

Apache Struts, the framework, has been in the news repeatedly over the past months (and dare we say now years), most recently with the Equifax breach. It is a popular enterprise framework used by many companies, with many that struggle in keeping their frameworks updated and safe. We cover many of these frameworks and attacks in the SEC642 Advanced Web Application Penetration Testing course. The webcast will go over one of the more talked about Apache Struts vulnerability, how the exploit payload and code works and what it is designed to do. We will provide different ways of searching for these types of defects in software like java as well as a way for finding weather you have appropriately updated your own version of struts. If you are a red team member focused on web applications, or a blue team focused defender and which to see how these attacks work, we invite you to join us.

Speaker Bio

Moses Hernandez

Moses Hernandez is a seasoned security professional with over 15 years in the IT industry. He has held positions as a network engineer, network architect, security architect, platform engineer, site reliability engineer, and consulting sales engineer. He has a background in complex network systems, systems administration, forensics, penetration testing, and development. He has worked with some of the largest companies in the nation as well as fast-growing, bootstrap startups.

Moses has developed information security regimens safeguarding some of the most sensitive personal data in the nation. He creates custom security software to find and mitigate unknown threats, and works on continually evolving his penetration testing skills. He enjoys building software, networks, systems, and working with business-minded individuals.

Moses's current passions include offensive forensics, building secure systems, finance, economics, history, and music.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.