**NOTE:A SEPARATE TICKET PURCHASE IS NEEDED TO ATTEND OWASP TRAINING COURSES. Please visit: https://www.eventbrite.com/e/owasp-global-appsec-washington-dc-2023-tickets-519195877847
***This course is available in person or virtually. Please visit the link above to register for either option.
This course is the culmination of years of experience gained via practical penetration testing of Modern Web and Desktop applications as well as countless hours spent doing research. We have structured this course around the OWASP Security Testing Guide, it covers the OWASP Top Ten and specific attack vectors against Modern Web and Desktop apps. This course provides participants with actionable skills that can be applied immediately from day 1.
Please note our courses are 100% hands-on, we do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. Training then continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.
Each day starts with a brief introduction to the Modern platform (i.e. Node.js, Electron) for that day and then continues with a look at static analysis, moves on to dynamic checks finishing off with a nice CTF session to test the skills gained.
Get a FREE taste for this training, including access to video recording, slides and vulnerable apps to play with: 1.5 hour workshop - https://7asecurity.com/free-workshop-desktop-apps 1 hour workshop - https://7asecurity.com/free-workshop-web-apps
Day 1: Focused specifically on Hacking Modern Web Apps: We start with understanding Modern Web Apps and then deep dive into static and dynamic analysis of the applications at hand. This day is packed with hands-on exercises and CTF-style challenges.
Day 2: Dedicated to Advanced Modern Web App Attacks: We cover advanced attacks specifically targeting Modern Web Apps, such as dumping memory, prototype pollution, deserialization attacks, OAuth, JWT flaws and more. The day is full of hands-on exercises and ends with CTF-style open challenges for additional practice.
Day 3: Focused on Hacking JavaScript Desktop Apps: We start with understanding JavaScript Desktop apps and various security considerations. We then focus on static and dynamic analysis of the applications at hand. The day is filled with hands-on exercises ending with a CTF for more practical fun.