Training Samurai-WTF


From BruCON 2012


Assessing and Exploiting Web Applications with Samurai-WTF by Raul Siles

This course takes attendees through the process of web application assessment using the open source tools included in the Samurai Web Testing Framework Live DVD (Samurai-WTF). The course follows a proven 4-step methodology (Reconnaissance, Mapping, Discovery & Exploitation) and works through various scenarios against vulnerable target web applications. The latest tools and techniques will be used throughout the course, and the primary emphasis of the instructor-led exercises is how to integrate these tools into your own manual testing procedures to improve your overall workflow.

Come take the official Samurai-WTF training course given by one of the course co-authors and lead developer of the project! You will learn the latest Samurai-WTF open source tools as well as the latest techniques to perform web application penetration tests. After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of various web applications, including client-side attacks using flaws within the application. Different sets of open source tools will be used on each web application, allowing you to learn firsthand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a capture-the-flag event. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.

  • Student Requirements:
    • Laptop with a functional DVD drive
    • Latest VMware Player, VMware Workstation, or VMware Fusion installed
    • Ability to disable all security software on their laptop such as antivirus and/or firewalls
    • At least 15 GB of free hard drive space
    • At least 4 GB of RAM

Trainer Biography

Raul Siles is a founder and senior security analyst with Taddong. His more than 10 years of expertise performing advanced security services and solutions in various worldwide industries includes security architecture design and reviews, penetration tests, incident handling, forensic analysis, security assessments, and information security research in new technologies, such as web applications, wireless, honeynets, virtualization, mobile devices, and VoIP. Raul is one of the few individuals who have earned the GIAC Security Expert (GSE) designation. He is a SANS Institute author and instructor of penetration testing courses, a regular speaker at security conferences, an author of security books and articles, and a contributor to research and open-source projects. He loves security challenges and is a member of international organizations, such as the Honeynet Project, and a handler of the Internet Storm Center (ISC). Raul holds a master's degree in computer science from UPM (Spain) and a postgraduate degree in security and e-commerce.

Twitter: @taddong

24 & 25 September (09:00 - 17:00)

