Class begins on April 3rd, 2017 (Monday through Saturday) when we will learn all about web app pen testing while preparing for the GIAC GWAPT (Web Application Penetration Tester) certification.
This is a six day Community SANS event, complete with an attack/lab virtual machine, books, all class materials and a full day of Capture the Flag (CTF) on day six to drive home all of the concepts and tools.
This is certainly one of my favorite classes and I think one of the best parts about this class is the quality and quantity of the hands-on labs; we cover everything from Burp Suite and Command Injection to XSRF and Zap! You keep the tools, you keep the custom VM, you keep the labs and you gain great experience... more details are below.
SECURITY 542: Web App Penetration Testing and Ethical Hacking: www.sans.org
We will be covering all of these topics and more:
- Interception Proxies
- ZAP (Zed Attack Proxy)
- Burp Suite
- SQL Injection
- Logic Attacks
- Reflected Cross-Site Scripting (XSS)
- Stored Cross-Site Scripting (XSS)
- Local File Inclusion (LFI)
- Command Injection
- Remote File Inclusion (RFI)
- Cross-Site Request Forgery (XSRF)
- Automated web app vulnerability scanning tools
- Manual scanning techniques
If your job description falls under one of these categories and you have an affinity towards information security or a desire to learn how attackers are able to compromise web applications, then this class is for you:
- General security practitioners
- Penetration testers
- Ethical hackers
- Web application developers
- Website designers and architects