Apache Struts, the framework, has been in the news repeatedly over the past months (and dare we say now years), most recently with the Equifax breach. It is a popular enterprise framework used by many companies, with many that struggle in keeping their frameworks updated and safe. We cover many of these frameworks and attacks in the SEC642 Advanced Web Application Penetration Testing course. The webcast will go over one of the more talked about Apache Struts vulnerability, how the exploit payload and code works and what it is designed to do. We will provide different ways of searching for these types of defects in software like java as well as a way for finding weather you have appropriately updated your own version of struts. If you are a red team member focused on web applications, or a blue team focused defender and which to see how these attacks work, we invite you to join us.