Class begins on September 17, 2018 (Monday through Saturday) when we will learn all about defending web applications while preparing for the GIAC GWEB (Certified Web Application DEFENDER) certification.
This is a six day Community SANS event, complete with an attack/lab virtual machine, books, all class materials and immersive, hands-on training every day.
One of my favorite things about this class is the amount of material - its quite in-depth. You keep the tools, you keep the custom VM, you keep the labs and you gain great experience... more details are below.
DEVELOPMENT 522: Web App Penetration Testing and Ethical Hacking: www.sans.org
The topics that will be covered include:
- Infrastructure security
- Server configuration
- Authentication mechanisms
- Application language configuration
- Application coding errors like SQL injection and cross-site scripting
- Cross-site request forging
- Authentication bypass
- Web services and related flaws
- Web 2.0 and its use of web services
- XPATH and XQUERY languages and injection
- Business logic flaws
- Protective HTTP headers
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.