DÉLKA: 40 Hours (5 dní)
CENA: Kč 110 000,00
Školení je vedeno v anglickém jazyce zahraničním lektorem formou virtuální školení.
Cena školení je 5000 USD bez DPH - tato cena bude při fakturaci přepočtena aktuálním kurzem.
This fastpaced class gives attendees an insight into advanced AppSec topics. The class curriculum is split into two: 3 days of Server Side Flaws. 2 days of Client Side Flaws.
We have brought together the most talented experts to challenge our clients. The team has recreated security vulnerabilities based on actual penetration tests and real bug bounties seen in the field. This fastpaced class gives attendees an insight into advanced AppSec topics. The class curriculum is split into two:
• 3 days of Server Side Flaws
• 2 days of Client Side Flaws
If you work in the security industry of modern web applications, you will
benefit from this class.
This class is available remotely to all Check Point customers and partners.
• Course material will be provided on-site and via access to a private Github repo so all attendees will receive updated material even months after the actual training
This is not a beginner class. To gain the maximum value from the topics
being explored, attendees should have a strong understanding of the
OWASP top 10 issues.
The class does not cover all AppSec topics and focuses only on advanced
identification and exploitation techniques of vulnerabilities.
Server Side Flaws (3 days):
These vulnerabilities affect well-known software/websites and span across multiple
technologies, such as .NET framework to Node.js applications. We selected vulnerabilities that typically go undetected by modern scanners, or have less-known exploitation techniques.
• SQL Injection
2nd order injection
WAF bypass techniques
• XXE Injection
Blind XXE injection
Case Study of recent XXE bugs
XXE to Code Execution
• Serialization Flaws
PHP object injection
Java serialization flaw
Case study of recent serialization flaws
• HTTP Parameter Pollution (HPP)
Detecting HPP in application
Case study of recent HPP bugs
• Business Logic Flaws
Mass assignment bugs
OS code injection
Client Side Flaws (2 days):
Whether you want to attack modern web applications or shiny browser extensions and Chrome Packaged Apps, we have that covered.
Course material will be provided on-site and via access to a private Github repo so all attendees will receive updated material even months after the actual training.
• Starts with:
Client Side flaws (basics)
HTTP / Encoding
CSRF and detail
Drag&Drop / Copy&Paste
• Moves on to:
HTML5 Attacks & Vectors
Mutation XSS / mXSS
Optimizing your payload