For many years, the Web Application Hacker’s Handbook has been the de facto resource for professional web application assessments. The authors have run training courses based on this book for over 10 years, for thousands in the field.
However, we believe today’s readers can find numerous online examples and labs which cover the basics.
This course is for the professional who can churn through 5-10 day application assessments but has not followed up on key areas to build their career and abilities further. The following is likely to resonate with this target professional:
This course focuses on giving delegates the grounding in tooling, methodology and experience to take on areas of an application which may previously have felt out of reach on a short-term assessment. If you have been in professional application security assessment for over a year or so, you will likely empathise with the issues at the heart of the “Course Contents” shown below.
You can get the quickest feel for what’s on the course by understanding what we do not cover: no SQL injection, XSS, traversal… This is not a course on basics that you can find elsewhere; in fact, we can give delegates free access outside of the course to our previous labs server with over 400 examples in all of these common areas. This will allow us to focus on areas you will not have encountered elsewhere.
Who should take this course?
The course is designed to provide additional capabilities and learning for appsec professionals who can already achieve general security coverage of a web application.