Thursday, November 2 • 9:00am - 5:00pm
3 Day Training: Hacking Modern Web & Desktop apps: Master the Future of Attack Vectors (AVAILABLE IN PERSON OR VIRTUALLY)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

**NOTE:A SEPARATE TICKET PURCHASE IS NEEDED TO ATTEND OWASP TRAINING COURSES. Please visit: https://www.eventbrite.com/e/owasp-global-appsec-washington-dc-2023-tickets-519195877847

***This course is available in person or virtually. Please visit the link above to register for either option.

This course is the culmination of years of experience gained via practical penetration
testing of Modern Web and Desktop applications as well as countless hours spent doing
research. We have structured this course around the OWASP Security Testing Guide, it
covers the OWASP Top Ten and specific attack vectors against Modern Web and
Desktop apps. This course provides participants with actionable skills that can be
applied immediately from day 1.

Please note our courses are 100% hands-on, we do not lecture students with boring
bullet points and theories, instead we give you practical challenges and help you solve
them, teaching you how to troubleshoot common issues and get the most out of this
training. Training then continues after the course through our frequently updated training
portal, for which you keep lifetime access, as well as unlimited email support.

Each day starts with a brief introduction to the Modern platform (i.e. Node.js, Electron)
for that day and then continues with a look at static analysis, moves on to dynamic
checks finishing off with a nice CTF session to test the skills gained.

Get a FREE taste for this training, including access to video recording, slides and
vulnerable apps to play with:
1.5 hour workshop - https://7asecurity.com/free-workshop-desktop-apps
1 hour workshop - https://7asecurity.com/free-workshop-web-apps

Day 1: Focused specifically on Hacking Modern Web Apps: We start with understanding
Modern Web Apps and then deep dive into static and dynamic analysis of the
applications at hand. This day is packed with hands-on exercises and CTF-style

Day 2: Dedicated to Advanced Modern Web App Attacks: We cover advanced attacks
specifically targeting Modern Web Apps, such as dumping memory, prototype pollution,
deserialization attacks, OAuth, JWT flaws and more. The day is full of hands-on
exercises and ends with CTF-style open challenges for additional practice.

Day 3: Focused on Hacking JavaScript Desktop Apps: We start with understanding
JavaScript Desktop apps and various security considerations. We then focus on static
and dynamic analysis of the applications at hand. The day is filled with hands-on
exercises ending with a CTF for more practical fun.

Teaser Video: https://www.youtube.com/watch?v=Qckegc2gbfo

avatar for Abraham Aranguren

Abraham Aranguren

Managing Director, 7ASecurity
After 15 years in itsec and 22 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior... Read More →

Ashwin Shenoi

Security Trainer, 7A Security
Ashwin Shenoi is a Senior Security Engineer at CRED, with an avid passion for application security. He is highly skilled in application penetration testing and automation. Ashwin is a core member of team bi0s, a top-ranked Capture The Flag (CTF) team, according to CTFTime. In his... Read More →

Thursday November 2, 2023 9:00am - 5:00pm EDT
Room: Judiciary