MDSec works at the forefront of application security. Our latest edition of the Web Application Hacker’s Handbook [Wiley, 2011] spans 870 pages, and we run numerous global training courses on web application security for development teams, and professional testers alike. The course follows the chapters of the second edition of The Web Application Hacker’s Handbook, with strong focus on practical attacks (there are only 140 slides in either of the two or three-day courses).
Our WAHH Live Course has been delivered at Black Hat, Hack in the Box, SyScan, Countermeasure and 44CON, and over one thousand classroom and online students over the years.
The course is highly practical. There are only 140 slides in the course, which relies primarily on 400+ vulnerable examples from all of the chapters of the book, and a Capture the Flag (CTF) exercise. We have made one of the main servers we use available online; if you want to see inside the labs you can view the demo.
Our course features Burp Suite at its heart. Whilst many experienced web application testers may be currently using Burp, there are often many options and extended capabilities that users do not have time to investigate on time-limited assessments.
If requested, MDSec’s training can be adapted and extended to help you learn more about Burp Suite, including:
Meanwhile, if the above is unfamiliar territory, you can be reassured that if you want a full “zero to hero” approach, we can take you through from the basics of the HTTP protocol, setting up the tool for optimal use, the capabilities and use of each of the key components of Burp Suite, and get you performing both automated and manual web application tests. QA Teams love it!
After a short introduction to the subject we delve into common insecurities in logical order:
Attendees will gain theoretical and practical experience of:
For more detailed information about the course’s practical structure, please see the Web Application Hacker’s Methodology chapter from the original version of the book.