Loading…
Attending this event?
Back To Schedule
Wednesday, November 1 • 9:00am - 5:00pm
3 Day Training: Hacking Modern Web & Desktop apps: Master the Future of Attack Vectors

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
This course is the culmination of years of experience gained via practical penetration testing of Modern Web and Desktop applications as well as countless hours spent doing research. We have structured this course around the OWASP Security Testing Guide, it covers the OWASP Top Ten and specific attack vectors against Modern Web and Desktop apps. This course provides participants with actionable skills that can be applied immediately from day 1.




Please note our courses are 100% hands-on, we do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. Training then continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.




Each day starts with a brief introduction to the Modern platform (i.e. Node.js, Electron) for that day and then continues with a look at static analysis, moves on to dynamic checks finishing off with a nice CTF session to test the skills gained.

 

Day 1: Focused specifically on Hacking Modern Web Apps: We start with understanding Modern Web Apps and then deep dive into static and dynamic analysis of the applications at hand. This day is packed with hands-on exercises and CTF-style challenges.




Day 2: Focused on Hacking Modern Desktop Apps: We start with understanding Modern Desktop apps and various security considerations. We then focus on static and dynamic analysis of the applications at hand. The day is filled with hands-on exercises ending with a CTF for more practical fun.




Day 3: Dedicated to Advanced Modern Web & Desktop App Attacks: We cover advanced attacks specifically targeting Modern Web & Desktop Apps, such as dumping memory, prototype pollution, deserialization attacks, OAuth, JWT flaws and more. The day is full of hands-on exercises and ends with CTF-style open challenges for additional practice.

Speakers
avatar for Anirudh Anand

Anirudh Anand

Security Engineer, 7aSecurity
Anirudh Anand is a security engineer with a primary focus on Web and Mobile Application Security. He is currently working as a Lead Security Engineer at CRED and also Security Trainer at 7asecurity. He has been submitting bugs and contributing to security tools for over 8 years. In... Read More →
avatar for Abraham Aranguren

Abraham Aranguren

CEO, 7aSecurity
After 15 years in itsec and 22 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security... Read More →

Wednesday November 1, 2023 9:00am - 5:00pm EDT
TBA
  3 Day Training
Feedback form isn't open yet.