OWASP 2024 Global AppSec San Francisco

Day 1 Story: SEOptimyze - Lambda Privilege Escalation - Attack, Detect, and Defense The application is an example of a real-world SEO optimizer, where we analyze website performance and store the files in an S3 bucket, and store other values in DynamoDB. This is a “serverless” app that uses AWS Lambda, API Gateway, DynamoDB, Amazon S3, and other AWS Services. Attack Story Concepts * Attacking Vulnerable Lambda Function and pillaging credentials * Leveraging IAM misconfiguration to be able to escalate privileges * Misconfigured security parameters on S3 and DynamoDB Incident Response * Detection and Response * Promptly detect suspicious activity through monitoring AWS CloudTrail logs, AWS Config, and CloudWatch metrics. * Activate the incident response team upon detection and isolate affected resources. * Containment and Eradication * Contain the incident by disabling compromised IAM credentials and restricting access to affected resources. Investigate the root cause and remove any malicious code or unauthorized access. * Recovery * Restore affected resources from clean backups or rebuild them, ensuring revoked credentials are replaced. Implement security improvements, such as enhancing configurations and conducting thorough testing. Defense Topics and Mini Labs * Lambda Least Privilege Configuration * Remediate Application Vulnerability * Scan Lambda Function with Automated Security Tools Story: Amazon EC2 Attack, Detect, and Defense Lab This stack is a more traditional application stack. Applications and Databases are deployed as VMs in VPCs inside AWS environments. The story focuses on the attacker's objective to attempt to exfiltrate sensitive information from a VPC Attack Story Concept Coverage * Compromise Application hosted on VM, steal credentials from VM * Insecure VPC Configuration along with IAM privilege misconfiguration * Adversary objective OS to perform data exfiltration from internal assets deployed across VPCs Incident Response * Detection and Response[a][b] * Utilize network monitoring, intrusion detection systems, and log analysis to detect suspicious activities such as unauthorized access attempts, unusual network traffic, or unexpected changes in IAM permissions. * Upon detection, activate the incident response team and isolate compromised VMs and affected VPCs to prevent further data exfiltration. * Containment and Eradication * Conduct a comprehensive investigation to determine the root cause of the compromise, including analyzing system logs, network traffic, and IAM configurations. * Contain the incident by revoking compromised credentials, disabling compromised VMs, and implementing security group rules to restrict access to sensitive resources. * Recovery * Recover affected systems by restoring from clean backups or rebuilding them with hardened configurations using Infrastructure as Code (IaC) principles. * Implement VPC hardening measures, including adjusting security group settings, network ACLs, and IAM policies, to prevent similar attacks in the future. Detect Topics and Mini-Labs * VPC Flow Logs for CloudWatch metrics to set the alarm * Threat Intelligence using GuardDuty * CloudWatch Log Insights * Using OSS Cloud Security Posture Management Tools to detect security incidents * Setup automated detection pipeline using AWS Lambda, SNS on VM State Changes, and VPC State Change Defense Topics and Mini-Labs * Harden VM and Configurations using Infrastructure as Code * VPC Hardening and Security Configurations * Hardening with specific Security Groups * IAM Tag-based condition for VPC[c]

Day 2 Story: EKS Privilege Escalation Attack, Detect and Defense Attack Story Concepts * Privilege Escalation on EKS cluster, leveraging vulnerable container * Privilege Escalation involving Amazon ECR, KMS, S3, and so on * Trojanizes the container images and pushes them to the ECR Incident Response * Detection and Response * Utilize monitoring tools such as AWS CloudWatch, AWS Config, and AWS CloudTrail to detect unauthorized access attempts, unusual activity on EKS clusters, and suspicious interactions with ECR, KMS, and S3. * Employ intrusion detection systems and anomaly detection mechanisms to identify potential privilege escalation attempts and unauthorized modifications to container images in ECR. * Implement alerts and notifications to promptly notify the incident response plan upon detection of suspicious activities or security violations. * Containment and Eradication * Immediately isolate compromised containers or EKS clusters to prevent further unauthorized access and potential data exfiltration. * Analyze the extent of the privilege escalation and identify the compromised container images pushed to ECR. * Disable or remove malicious container images from ECR and revoke any compromised IAM credentials or permissions associated with the incident. * Conduct a thorough investigation to identify the root cause of the attack and address any vulnerabilities or misconfigurations that contributed to the incident. * Recovery * Restore affected EKS clusters and container images from clean backups or rebuild them using secure configurations and best practices. * Implement security enhancements such as IMDSv2 to prevent metadata credential compromise, fix SSRF or Path Traversal vulnerabilities in the application, and configure OIDC for Kubernetes deployment on EKS to enhance authentication and authorization mechanisms. * Review and update IAM policies, ECR defense parameters, and overall security posture to mitigate the risk of future privilege escalation attacks and unauthorized access to containerized environments. Defense Topics and Mini-Labs * IMDSv2 to prevent Metadata credential compromise from RCE/SSRF/Path Traversal * Fix SSRF or Path Traversal in the Application * OIDC for Kubernetes deployment on EKS * ECR Defense Parameters - Tag IAM[d] and IAM Hardening Story: GCP Cloud Run metadata Attack and Defense Attack Story Concept Coverage * Application with Deserialization vulnerability is deployed in Cloud Run instance * Exploit the application and get a reverse shell from the compromised application * Sensitive information disclosure from the metadata endpoints Incident Response * Detection and Response * Utilize VPC flow logs to monitor network traffic and detect suspicious activities, such as unexpected connections or unusual data transfer patterns. * Implement real-time monitoring using Pub/Sub to receive alerts and notifications about potential security incidents or abnormal behavior in Cloud Run instances. * Investigate alerts promptly and analyze metadata endpoints for any signs of sensitive information disclosure or unauthorized access attempts. * Leverage Security Command Center for Threat Detection * Containment and Eradication * Upon detection of a deserialization vulnerability exploit or a reverse shell, immediately isolate the compromised Cloud Run instance to prevent further unauthorized access. * Utilize firewall rules to block incoming and outgoing connections associated with the compromised instance and prevent the reverse shell from communicating with external servers. * Apply IAM deny policies to restrict access to sensitive resources and prevent unauthorized actions from the compromised service account. * Recovery * Implement a fix to address the YAML deserialization vulnerability in the application deployed on Cloud Run instances. * Enhance application security by adding authentication via GCP Identity-Aware Proxy (IAP) to prevent unauthorized access to sensitive endpoints and data. * Restore the compromised Cloud Run instance from a clean backup or rebuild it with least-privileged service account permissions and hardened configurations. * Conduct a post-incident review to identify lessons learned and update incident response procedures, security controls, and employee training to improve the organization's resilience against similar attacks in the future. Defense Story Concept Coverage * Fix that prevents the YAML deserialization attack * Add the Authentication to the application via GCP IAP * Prevent the reverse shell using firewall rules * IAM Deny Policies * Run service with a least-privi

Supply Chain risks are everywhere. We’ve seen a burst of supply chain exploits against organizations, totaling billions of dollars of value lost. Supply-chain security and implementation is essential and required by regulation. However, pentesters and red-teams must understand how they can leverage supply-chain attacks against applications, to further strengthen their defense implementations against it.

This training is a deep hands-on, red-team exploration of application supply-chains. We commence with an understanding of application supply chains, and subsequently dive into story-driven scenarios of exploiting supply-chains like exploiting CI systems, and build systems. Container infrastructure and cloud-native infrastructure hosted on Kubernetes, AWS, and Azure.

People learn better with stories. Our exploit and lateral movement scenarios are intricately designed labs that are backed by real-world stories that help students understand this subject-matter a lot better. This training was sold out at Blackhat USA 2023 with a 4.8/5 Rating

**NOTE:Conference and training tickets are separate purchases.

This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.

Long are the days since web servers were run by perl scripts and desktop apps written in Delphi. What is common between Walmart, eBay, PayPal, Microsoft, LinkedIn, Google and Netflix? They all use Node.js: JavaScript on the server. What is common between Microsoft Teams, Skype, Bitwarden, Slack and Discord? All of them are written in Electron: JavaScript on the client. Modern Web and Desktop apps share traditional attack vectors and also introduce new opportunities to threat actors. This course will teach you how to review modern web and desktop apps, showcasing Node.js and Electron but using techniques that will also work against any other web or desktop app platform. Ideal for Penetration Testers, Web and Desktop app Developers as well as everybody interested in JavaScript/Node.js/Electron app security.

Get a FREE taste for this training, including access to video recording, slides and vulnerable apps to play with:

1.5 hour workshop - https://7asecurity.com/free-workshop-desktop-apps
1 hour workshop - https://7asecurity.com/free-workshop-web-apps

All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support and lifetime access to training portal with step-by-step video recordings and interesting apps to practice, including all future updates for free.

Teaser Video: https://www.youtube.com/watch?v=Qckegc2gbfo

(Available as hybrid - in Person or online)

This three-day hands-on course teaches penetration testers and developers how to analyse Android and iOS applications for security vulnerabilities by going through the different phases of testing, including dynamic testing, static analysis, reverse engineering and Software Composition Analysis (SCA), using the OWASP Mobile Application Security Testing Guide (MASTG).

The OWASP MASTG is a comprehensive and open source guide to mobile security testing for both iOS and Android, providing a methodology and very detailed technical test cases to ensure completeness and using the latest attack techniques against mobile applications.

This course will give you hands-on experience with open source tools and advanced methodologies by guiding you through real-world scenarios.

## Detailed outline

We'll start the first day with an introduction to the OWASP MASVS and MASTG and the latest updates to it and then dive into the Android platform and its security architecture. Students will no longer be required to bring their own Android device, instead each student will be provided with a cloud-based virtualised Android device from Corellium.

Topics include:
- Intercepting network traffic from apps written in mobile app frameworks such as Google's Flutter
- Reverse engineering a Kotlin app and identifying and exploiting a real-world deep link vulnerability through manual source code review.
- Explore the differences and effectiveness of reverse engineering Android apps using Smali patching, Magisk and Dynamic Instrumentation with Frida
- Frida crash course to get started with dynamic instrumentation on Android apps
- Bypass different implementations of SSL pinning using Frida
- Use dynamic instrumentation with Frida to
- Bypass multiple root detection mechanisms
- Bypass Frida detection mechanisms -

Day 1 will be closed with a Capture the Flag (CTF)

On day 2 we wrap up Android and start with iOS and we will use a Github repo to trigger static scanning, SCA and secret scanning on Kotlin and Swift:
Android: - Analyse the storage of an Android app and understand the various options on how and where files can be stored (app-specific, shared storage etc.)
- Using Brida (Frida and Burp) to bypass End2End encryption in an Android App
- Static Scanning of Kotlin source code, identifying vulnerabilities and eliminating false positives
- Scanning for secrets in an APK iOS:
- Introduction into iOS Security fundamentals
- Scanning for secrets in a Swift repository and identifying ways to handle them securely.
- Software Composition Analysis (SCA) for iOS
- Scanning 3rd party libraries and SDKs in mobile package managers for known vulnerabilities and mitigation strategies.
- Statically scanning Swift source code, identifying vulnerabilities and eliminating false positives.
- Demonstration on how to test watchOS apps and it's limitations

Day 3 focuses on iOS.
We will begin the day by creating an iOS test environment using Corellium and dive into several topics, including:
- Intercepting network traffic of an iOS App in various scenarios, including intercepting traffic that is not HTTP
- Examining stateless authentication (JWT) in a mobile app
- A Frida crash course to get started with dynamic instrumentation for iOS applications
- Analyse the storage of an iOS app and understand the various options on how (Realm databases etc.) and where files can be stored.
- Testing methodology with a non-jailbroken device by repackaging an IPA with the Frida gadget
- Using Frida to bypass runtime instrumentation of iOS applications
- Anti-Jailbreaking Mechanisms
- Frida's detection mechanism We'll wrap up the final day with a "Mobile Hacking Scavenger Hunt." This unique CTF will feature not just mobile apps but also physical art objects, which we refer to as "hackable artworks". Whether you are a beginner who wants to learn mobile app testing from the ground up, or an experienced pentester or developer who wants to improve your existing skills to perform more advanced attack techniques, or just for fun, this training will help you achieve your goals.

The course consists of many different labs developed by the instructor and is approximately 65% hands-on and 35% lecture. Upon successful completion of this course, students will have a better understanding of how to test for vulnerabilities in mobile applications, how to suggest the right mitigation techniques to developers, and how to perform tests consistently.

### What students should bring

The following requirements must be met by students in order to be able to follow all exercises and participate fully:
- Laptop (Windows/Linux/macOS) with at least 8GB of RAM and 40GB of free disk space.
- Full administrative access in case of problems with the laptop environment (e.g. ability to disable VPN or AV/EDR) - Virtualisation software (e.g. VMware, VirtualBox, UTM); a virtual machine will be provided for X86 and ARM architecture (for M1/M2/M3 MacBooks) with all tools required for the training.
- Ideally a tablet to have a second screen for the practical lab slides when doing the hands-on sessions.
- Github account is needed (free account is sufficient) to fork a repository

An iOS and Android device is NOT required as an emulated instance is provided for each student hosted at Corellium. This is a cloud-based environment that allows each student access to a jailbroken iOS device and a rooted Android device during the training.

### What students will receive
- Slide decks for the iOS and Android training and all videos for all demonstrations shared in class.
- All vulnerable apps used during the training, either as APK or IPA.
- Detailed write-ups for all labs so you can review them at your own pace after the course.
- Dedicated Slack channel used to help students prepare before the course, communicate during the course and stay in touch after the course for any questions.
- Certificate of completion.

## What prerequisites should students have before attending this training?
- This course is for Beginners and Intermediate
- Basic understanding of mobile apps
- Able to use Linux command line

## Biography of the trainer Sven: is a co-founder of Bai7 GmbH in Austria, which is specialized in mobile app trainings and advisory. He has expertise in cloud security, offensive security engagements (Penetration Testing) and Application Security, notably in guiding software development teams across Mobile and Web Applications throughout the Software Development Life Cycle (SDLC) to integrate robust security measures in from the start. Besides his day job, Sven is involved with the Open Worldwide Application Security Project (OWASP) since 2016. As a co-project leader and author, he has significantly contributed to the OWASP Mobile Application Security Testing Guide (MASTG) and the OWASP Mobile Application Security Verification Standard (MASVS).

This course provides the knowledge and resources required to evaluate the security of web applications. The participants, through the understanding of theory and a strong focus on practical exercises, will be able to identify critical vulnerabilities in web applications, understand how exploitation works and learn how to implement the necessary corrective measures. The course is aligned with the OWASP 10 2021, a world-renowned reference document which describes the most critical web application security flaws.

The topics covered include:
- Introduction to Web Application Security
- Technologies used in Web Applications
- The Security Tester Toolkit
- Critical Areas in Web Applications
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server Side Request Forgery (SSRF)

Format: The course combines theory and hands-on practical exercises. The participants start by learning about web application vulnerabilities. They are then given access to a purpose-built web application environment that contains the bugs and coding errors they have learned about. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities in a safe environment.

Based on the updated Black Hat edition 2024 training, you will be challenged with hands-on threat modeling exercises based on real-world projects. You will get insight into our practical industry experience, helping you to become a Threat Modeling Practitioner. We included an exercise on MITRE ATT&CK, and we focus on embedding threat modeling in Agile and DevOps practices. And we introduce a new challenge on threat modeling a Machine Learning-Powered Chatbot.

We levelled up the threat modeling war game. Engaged in CTF-style challenges, your team will battle for control over an offshore wind turbine park. The level of this training is Beginner/Intermediate. Participants who are new to threat modeling are advised to follow our self-paced Threat Modeling Introduction training (which is about 2 hours and is included in this training).

As highly skilled professionals with years of experience under our belts, we're intimately familiar with the gap between academic knowledge of threat modeling and real-world practice. To minimize that gap, we have developed practical use cases, based on real-world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model.

Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling:
• Diagram techniques applied on a travel booking service
• Threat model a cloud-based update service for an IoT kiosk
• Create an attack tree against a nuclear research facility
• Create a SOC Risk Based Alerting system with MITRE ATT&CK
• Mitigate threats in a payment service build with microservices and S3 buckets
• Threat modeling a Machine Learning-Powered Chatbot
• Apply the OWASP Threat Modeling Playbook on agile development
• Threat modeling the CI/CD pipeline
• Battle for control over "Zwarte Wind", an offshore wind turbine park

After each hands-on exercise, the results are discussed, and students receive a documented solution.

As part of this training, you will be asked to create and submit your own threat model, on which you will get individual feedback.

All participants get our Threat Modeling Playbook to improve you threat modeling practice, one-year access to our online threat modeling learning platform, and one-hour personal coaching to refine your threat modeling.

Day 1 Story: SEOptimyze - Lambda Privilege Escalation - Attack, Detect, and Defense The application is an example of a real-world SEO optimizer, where we analyze website performance and store the files in an S3 bucket, and store other values in DynamoDB. This is a “serverless” app that uses AWS Lambda, API Gateway, DynamoDB, Amazon S3, and other AWS Services. Attack Story Concepts * Attacking Vulnerable Lambda Function and pillaging credentials * Leveraging IAM misconfiguration to be able to escalate privileges * Misconfigured security parameters on S3 and DynamoDB Incident Response * Detection and Response * Promptly detect suspicious activity through monitoring AWS CloudTrail logs, AWS Config, and CloudWatch metrics. * Activate the incident response team upon detection and isolate affected resources. * Containment and Eradication * Contain the incident by disabling compromised IAM credentials and restricting access to affected resources. Investigate the root cause and remove any malicious code or unauthorized access. * Recovery * Restore affected resources from clean backups or rebuild them, ensuring revoked credentials are replaced. Implement security improvements, such as enhancing configurations and conducting thorough testing. Defense Topics and Mini Labs * Lambda Least Privilege Configuration * Remediate Application Vulnerability * Scan Lambda Function with Automated Security Tools Story: Amazon EC2 Attack, Detect, and Defense Lab This stack is a more traditional application stack. Applications and Databases are deployed as VMs in VPCs inside AWS environments. The story focuses on the attacker's objective to attempt to exfiltrate sensitive information from a VPC Attack Story Concept Coverage * Compromise Application hosted on VM, steal credentials from VM * Insecure VPC Configuration along with IAM privilege misconfiguration * Adversary objective OS to perform data exfiltration from internal assets deployed across VPCs Incident Response * Detection and Response[a][b] * Utilize network monitoring, intrusion detection systems, and log analysis to detect suspicious activities such as unauthorized access attempts, unusual network traffic, or unexpected changes in IAM permissions. * Upon detection, activate the incident response team and isolate compromised VMs and affected VPCs to prevent further data exfiltration. * Containment and Eradication * Conduct a comprehensive investigation to determine the root cause of the compromise, including analyzing system logs, network traffic, and IAM configurations. * Contain the incident by revoking compromised credentials, disabling compromised VMs, and implementing security group rules to restrict access to sensitive resources. * Recovery * Recover affected systems by restoring from clean backups or rebuilding them with hardened configurations using Infrastructure as Code (IaC) principles. * Implement VPC hardening measures, including adjusting security group settings, network ACLs, and IAM policies, to prevent similar attacks in the future. Detect Topics and Mini-Labs * VPC Flow Logs for CloudWatch metrics to set the alarm * Threat Intelligence using GuardDuty * CloudWatch Log Insights * Using OSS Cloud Security Posture Management Tools to detect security incidents * Setup automated detection pipeline using AWS Lambda, SNS on VM State Changes, and VPC State Change Defense Topics and Mini-Labs * Harden VM and Configurations using Infrastructure as Code * VPC Hardening and Security Configurations * Hardening with specific Security Groups * IAM Tag-based condition for VPC[c]

Day 2 Story: EKS Privilege Escalation Attack, Detect and Defense Attack Story Concepts * Privilege Escalation on EKS cluster, leveraging vulnerable container * Privilege Escalation involving Amazon ECR, KMS, S3, and so on * Trojanizes the container images and pushes them to the ECR Incident Response * Detection and Response * Utilize monitoring tools such as AWS CloudWatch, AWS Config, and AWS CloudTrail to detect unauthorized access attempts, unusual activity on EKS clusters, and suspicious interactions with ECR, KMS, and S3. * Employ intrusion detection systems and anomaly detection mechanisms to identify potential privilege escalation attempts and unauthorized modifications to container images in ECR. * Implement alerts and notifications to promptly notify the incident response plan upon detection of suspicious activities or security violations. * Containment and Eradication * Immediately isolate compromised containers or EKS clusters to prevent further unauthorized access and potential data exfiltration. * Analyze the extent of the privilege escalation and identify the compromised container images pushed to ECR. * Disable or remove malicious container images from ECR and revoke any compromised IAM credentials or permissions associated with the incident. * Conduct a thorough investigation to identify the root cause of the attack and address any vulnerabilities or misconfigurations that contributed to the incident. * Recovery * Restore affected EKS clusters and container images from clean backups or rebuild them using secure configurations and best practices. * Implement security enhancements such as IMDSv2 to prevent metadata credential compromise, fix SSRF or Path Traversal vulnerabilities in the application, and configure OIDC for Kubernetes deployment on EKS to enhance authentication and authorization mechanisms. * Review and update IAM policies, ECR defense parameters, and overall security posture to mitigate the risk of future privilege escalation attacks and unauthorized access to containerized environments. Defense Topics and Mini-Labs * IMDSv2 to prevent Metadata credential compromise from RCE/SSRF/Path Traversal * Fix SSRF or Path Traversal in the Application * OIDC for Kubernetes deployment on EKS * ECR Defense Parameters - Tag IAM[d] and IAM Hardening Story: GCP Cloud Run metadata Attack and Defense Attack Story Concept Coverage * Application with Deserialization vulnerability is deployed in Cloud Run instance * Exploit the application and get a reverse shell from the compromised application * Sensitive information disclosure from the metadata endpoints Incident Response * Detection and Response * Utilize VPC flow logs to monitor network traffic and detect suspicious activities, such as unexpected connections or unusual data transfer patterns. * Implement real-time monitoring using Pub/Sub to receive alerts and notifications about potential security incidents or abnormal behavior in Cloud Run instances. * Investigate alerts promptly and analyze metadata endpoints for any signs of sensitive information disclosure or unauthorized access attempts. * Leverage Security Command Center for Threat Detection * Containment and Eradication * Upon detection of a deserialization vulnerability exploit or a reverse shell, immediately isolate the compromised Cloud Run instance to prevent further unauthorized access. * Utilize firewall rules to block incoming and outgoing connections associated with the compromised instance and prevent the reverse shell from communicating with external servers. * Apply IAM deny policies to restrict access to sensitive resources and prevent unauthorized actions from the compromised service account. * Recovery * Implement a fix to address the YAML deserialization vulnerability in the application deployed on Cloud Run instances. * Enhance application security by adding authentication via GCP Identity-Aware Proxy (IAP) to prevent unauthorized access to sensitive endpoints and data. * Restore the compromised Cloud Run instance from a clean backup or rebuild it with least-privileged service account permissions and hardened configurations. * Conduct a post-incident review to identify lessons learned and update incident response procedures, security controls, and employee training to improve the organization's resilience against similar attacks in the future. Defense Story Concept Coverage * Fix that prevents the YAML deserialization attack * Add the Authentication to the application via GCP IAP * Prevent the reverse shell using firewall rules * IAM Deny Policies * Run service with a least-privi

Supply Chain risks are everywhere. We’ve seen a burst of supply chain exploits against organizations, totaling billions of dollars of value lost. Supply-chain security and implementation is essential and required by regulation. However, pentesters and red-teams must understand how they can leverage supply-chain attacks against applications, to further strengthen their defense implementations against it.

This training is a deep hands-on, red-team exploration of application supply-chains. We commence with an understanding of application supply chains, and subsequently dive into story-driven scenarios of exploiting supply-chains like exploiting CI systems, and build systems. Container infrastructure and cloud-native infrastructure hosted on Kubernetes, AWS, and Azure.

People learn better with stories. Our exploit and lateral movement scenarios are intricately designed labs that are backed by real-world stories that help students understand this subject-matter a lot better. This training was sold out at Blackhat USA 2023 with a 4.8/5 Rating

**NOTE:Conference and training tickets are separate purchases.

This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.

Long are the days since web servers were run by perl scripts and desktop apps written in Delphi. What is common between Walmart, eBay, PayPal, Microsoft, LinkedIn, Google and Netflix? They all use Node.js: JavaScript on the server. What is common between Microsoft Teams, Skype, Bitwarden, Slack and Discord? All of them are written in Electron: JavaScript on the client. Modern Web and Desktop apps share traditional attack vectors and also introduce new opportunities to threat actors. This course will teach you how to review modern web and desktop apps, showcasing Node.js and Electron but using techniques that will also work against any other web or desktop app platform. Ideal for Penetration Testers, Web and Desktop app Developers as well as everybody interested in JavaScript/Node.js/Electron app security.

Get a FREE taste for this training, including access to video recording, slides and vulnerable apps to play with:

1.5 hour workshop - https://7asecurity.com/free-workshop-desktop-apps
1 hour workshop - https://7asecurity.com/free-workshop-web-apps

All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support and lifetime access to training portal with step-by-step video recordings and interesting apps to practice, including all future updates for free.

Teaser Video: https://www.youtube.com/watch?v=Qckegc2gbfo

(Available as hybrid - in Person or online)

This three-day hands-on course teaches penetration testers and developers how to analyse Android and iOS applications for security vulnerabilities by going through the different phases of testing, including dynamic testing, static analysis, reverse engineering and Software Composition Analysis (SCA), using the OWASP Mobile Application Security Testing Guide (MASTG).

The OWASP MASTG is a comprehensive and open source guide to mobile security testing for both iOS and Android, providing a methodology and very detailed technical test cases to ensure completeness and using the latest attack techniques against mobile applications.

This course will give you hands-on experience with open source tools and advanced methodologies by guiding you through real-world scenarios.

## Detailed outline

We'll start the first day with an introduction to the OWASP MASVS and MASTG and the latest updates to it and then dive into the Android platform and its security architecture. Students will no longer be required to bring their own Android device, instead each student will be provided with a cloud-based virtualised Android device from Corellium.

Topics include:
- Intercepting network traffic from apps written in mobile app frameworks such as Google's Flutter
- Reverse engineering a Kotlin app and identifying and exploiting a real-world deep link vulnerability through manual source code review.
- Explore the differences and effectiveness of reverse engineering Android apps using Smali patching, Magisk and Dynamic Instrumentation with Frida
- Frida crash course to get started with dynamic instrumentation on Android apps
- Bypass different implementations of SSL pinning using Frida
- Use dynamic instrumentation with Frida to
- Bypass multiple root detection mechanisms
- Bypass Frida detection mechanisms -

Day 1 will be closed with a Capture the Flag (CTF)

On day 2 we wrap up Android and start with iOS and we will use a Github repo to trigger static scanning, SCA and secret scanning on Kotlin and Swift:
Android: - Analyse the storage of an Android app and understand the various options on how and where files can be stored (app-specific, shared storage etc.)
- Using Brida (Frida and Burp) to bypass End2End encryption in an Android App
- Static Scanning of Kotlin source code, identifying vulnerabilities and eliminating false positives
- Scanning for secrets in an APK iOS:
- Introduction into iOS Security fundamentals
- Scanning for secrets in a Swift repository and identifying ways to handle them securely.
- Software Composition Analysis (SCA) for iOS
- Scanning 3rd party libraries and SDKs in mobile package managers for known vulnerabilities and mitigation strategies.
- Statically scanning Swift source code, identifying vulnerabilities and eliminating false positives.
- Demonstration on how to test watchOS apps and it's limitations

Day 3 focuses on iOS.
We will begin the day by creating an iOS test environment using Corellium and dive into several topics, including:
- Intercepting network traffic of an iOS App in various scenarios, including intercepting traffic that is not HTTP
- Examining stateless authentication (JWT) in a mobile app
- A Frida crash course to get started with dynamic instrumentation for iOS applications
- Analyse the storage of an iOS app and understand the various options on how (Realm databases etc.) and where files can be stored.
- Testing methodology with a non-jailbroken device by repackaging an IPA with the Frida gadget
- Using Frida to bypass runtime instrumentation of iOS applications
- Anti-Jailbreaking Mechanisms
- Frida's detection mechanism We'll wrap up the final day with a "Mobile Hacking Scavenger Hunt." This unique CTF will feature not just mobile apps but also physical art objects, which we refer to as "hackable artworks". Whether you are a beginner who wants to learn mobile app testing from the ground up, or an experienced pentester or developer who wants to improve your existing skills to perform more advanced attack techniques, or just for fun, this training will help you achieve your goals.

The course consists of many different labs developed by the instructor and is approximately 65% hands-on and 35% lecture. Upon successful completion of this course, students will have a better understanding of how to test for vulnerabilities in mobile applications, how to suggest the right mitigation techniques to developers, and how to perform tests consistently.

### What students should bring

The following requirements must be met by students in order to be able to follow all exercises and participate fully:
- Laptop (Windows/Linux/macOS) with at least 8GB of RAM and 40GB of free disk space.
- Full administrative access in case of problems with the laptop environment (e.g. ability to disable VPN or AV/EDR) - Virtualisation software (e.g. VMware, VirtualBox, UTM); a virtual machine will be provided for X86 and ARM architecture (for M1/M2/M3 MacBooks) with all tools required for the training.
- Ideally a tablet to have a second screen for the practical lab slides when doing the hands-on sessions.
- Github account is needed (free account is sufficient) to fork a repository

An iOS and Android device is NOT required as an emulated instance is provided for each student hosted at Corellium. This is a cloud-based environment that allows each student access to a jailbroken iOS device and a rooted Android device during the training.

### What students will receive
- Slide decks for the iOS and Android training and all videos for all demonstrations shared in class.
- All vulnerable apps used during the training, either as APK or IPA.
- Detailed write-ups for all labs so you can review them at your own pace after the course.
- Dedicated Slack channel used to help students prepare before the course, communicate during the course and stay in touch after the course for any questions.
- Certificate of completion.

## What prerequisites should students have before attending this training?
- This course is for Beginners and Intermediate
- Basic understanding of mobile apps
- Able to use Linux command line

## Biography of the trainer Sven: is a co-founder of Bai7 GmbH in Austria, which is specialized in mobile app trainings and advisory. He has expertise in cloud security, offensive security engagements (Penetration Testing) and Application Security, notably in guiding software development teams across Mobile and Web Applications throughout the Software Development Life Cycle (SDLC) to integrate robust security measures in from the start. Besides his day job, Sven is involved with the Open Worldwide Application Security Project (OWASP) since 2016. As a co-project leader and author, he has significantly contributed to the OWASP Mobile Application Security Testing Guide (MASTG) and the OWASP Mobile Application Security Verification Standard (MASVS).

This course provides the knowledge and resources required to evaluate the security of web applications. The participants, through the understanding of theory and a strong focus on practical exercises, will be able to identify critical vulnerabilities in web applications, understand how exploitation works and learn how to implement the necessary corrective measures. The course is aligned with the OWASP 10 2021, a world-renowned reference document which describes the most critical web application security flaws.

The topics covered include:
- Introduction to Web Application Security
- Technologies used in Web Applications
- The Security Tester Toolkit
- Critical Areas in Web Applications
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server Side Request Forgery (SSRF)

Format: The course combines theory and hands-on practical exercises. The participants start by learning about web application vulnerabilities. They are then given access to a purpose-built web application environment that contains the bugs and coding errors they have learned about. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities in a safe environment.

Based on the updated Black Hat edition 2024 training, you will be challenged with hands-on threat modeling exercises based on real-world projects. You will get insight into our practical industry experience, helping you to become a Threat Modeling Practitioner. We included an exercise on MITRE ATT&CK, and we focus on embedding threat modeling in Agile and DevOps practices. And we introduce a new challenge on threat modeling a Machine Learning-Powered Chatbot.

We levelled up the threat modeling war game. Engaged in CTF-style challenges, your team will battle for control over an offshore wind turbine park. The level of this training is Beginner/Intermediate. Participants who are new to threat modeling are advised to follow our self-paced Threat Modeling Introduction training (which is about 2 hours and is included in this training).

As highly skilled professionals with years of experience under our belts, we're intimately familiar with the gap between academic knowledge of threat modeling and real-world practice. To minimize that gap, we have developed practical use cases, based on real-world projects. Each use case includes a description of the environment, together with questions and templates to build a threat model.

Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling:
• Diagram techniques applied on a travel booking service
• Threat model a cloud-based update service for an IoT kiosk
• Create an attack tree against a nuclear research facility
• Create a SOC Risk Based Alerting system with MITRE ATT&CK
• Mitigate threats in a payment service build with microservices and S3 buckets
• Threat modeling a Machine Learning-Powered Chatbot
• Apply the OWASP Threat Modeling Playbook on agile development
• Threat modeling the CI/CD pipeline
• Battle for control over "Zwarte Wind", an offshore wind turbine park

After each hands-on exercise, the results are discussed, and students receive a documented solution.

As part of this training, you will be asked to create and submit your own threat model, on which you will get individual feedback.

All participants get our Threat Modeling Playbook to improve you threat modeling practice, one-year access to our online threat modeling learning platform, and one-hour personal coaching to refine your threat modeling.

Day 1 Story: SEOptimyze - Lambda Privilege Escalation - Attack, Detect, and Defense The application is an example of a real-world SEO optimizer, where we analyze website performance and store the files in an S3 bucket, and store other values in DynamoDB. This is a “serverless” app that uses AWS Lambda, API Gateway, DynamoDB, Amazon S3, and other AWS Services. Attack Story Concepts * Attacking Vulnerable Lambda Function and pillaging credentials * Leveraging IAM misconfiguration to be able to escalate privileges * Misconfigured security parameters on S3 and DynamoDB Incident Response * Detection and Response * Promptly detect suspicious activity through monitoring AWS CloudTrail logs, AWS Config, and CloudWatch metrics. * Activate the incident response team upon detection and isolate affected resources. * Containment and Eradication * Contain the incident by disabling compromised IAM credentials and restricting access to affected resources. Investigate the root cause and remove any malicious code or unauthorized access. * Recovery * Restore affected resources from clean backups or rebuild them, ensuring revoked credentials are replaced. Implement security improvements, such as enhancing configurations and conducting thorough testing. Defense Topics and Mini Labs * Lambda Least Privilege Configuration * Remediate Application Vulnerability * Scan Lambda Function with Automated Security Tools Story: Amazon EC2 Attack, Detect, and Defense Lab This stack is a more traditional application stack. Applications and Databases are deployed as VMs in VPCs inside AWS environments. The story focuses on the attacker's objective to attempt to exfiltrate sensitive information from a VPC Attack Story Concept Coverage * Compromise Application hosted on VM, steal credentials from VM * Insecure VPC Configuration along with IAM privilege misconfiguration * Adversary objective OS to perform data exfiltration from internal assets deployed across VPCs Incident Response * Detection and Response[a][b] * Utilize network monitoring, intrusion detection systems, and log analysis to detect suspicious activities such as unauthorized access attempts, unusual network traffic, or unexpected changes in IAM permissions. * Upon detection, activate the incident response team and isolate compromised VMs and affected VPCs to prevent further data exfiltration. * Containment and Eradication * Conduct a comprehensive investigation to determine the root cause of the compromise, including analyzing system logs, network traffic, and IAM configurations. * Contain the incident by revoking compromised credentials, disabling compromised VMs, and implementing security group rules to restrict access to sensitive resources. * Recovery * Recover affected systems by restoring from clean backups or rebuilding them with hardened configurations using Infrastructure as Code (IaC) principles. * Implement VPC hardening measures, including adjusting security group settings, network ACLs, and IAM policies, to prevent similar attacks in the future. Detect Topics and Mini-Labs * VPC Flow Logs for CloudWatch metrics to set the alarm * Threat Intelligence using GuardDuty * CloudWatch Log Insights * Using OSS Cloud Security Posture Management Tools to detect security incidents * Setup automated detection pipeline using AWS Lambda, SNS on VM State Changes, and VPC State Change Defense Topics and Mini-Labs * Harden VM and Configurations using Infrastructure as Code * VPC Hardening and Security Configurations * Hardening with specific Security Groups * IAM Tag-based condition for VPC[c]

Day 2 Story: EKS Privilege Escalation Attack, Detect and Defense Attack Story Concepts * Privilege Escalation on EKS cluster, leveraging vulnerable container * Privilege Escalation involving Amazon ECR, KMS, S3, and so on * Trojanizes the container images and pushes them to the ECR Incident Response * Detection and Response * Utilize monitoring tools such as AWS CloudWatch, AWS Config, and AWS CloudTrail to detect unauthorized access attempts, unusual activity on EKS clusters, and suspicious interactions with ECR, KMS, and S3. * Employ intrusion detection systems and anomaly detection mechanisms to identify potential privilege escalation attempts and unauthorized modifications to container images in ECR. * Implement alerts and notifications to promptly notify the incident response plan upon detection of suspicious activities or security violations. * Containment and Eradication * Immediately isolate compromised containers or EKS clusters to prevent further unauthorized access and potential data exfiltration. * Analyze the extent of the privilege escalation and identify the compromised container images pushed to ECR. * Disable or remove malicious container images from ECR and revoke any compromised IAM credentials or permissions associated with the incident. * Conduct a thorough investigation to identify the root cause of the attack and address any vulnerabilities or misconfigurations that contributed to the incident. * Recovery * Restore affected EKS clusters and container images from clean backups or rebuild them using secure configurations and best practices. * Implement security enhancements such as IMDSv2 to prevent metadata credential compromise, fix SSRF or Path Traversal vulnerabilities in the application, and configure OIDC for Kubernetes deployment on EKS to enhance authentication and authorization mechanisms. * Review and update IAM policies, ECR defense parameters, and overall security posture to mitigate the risk of future privilege escalation attacks and unauthorized access to containerized environments. Defense Topics and Mini-Labs * IMDSv2 to prevent Metadata credential compromise from RCE/SSRF/Path Traversal * Fix SSRF or Path Traversal in the Application * OIDC for Kubernetes deployment on EKS * ECR Defense Parameters - Tag IAM[d] and IAM Hardening Story: GCP Cloud Run metadata Attack and Defense Attack Story Concept Coverage * Application with Deserialization vulnerability is deployed in Cloud Run instance * Exploit the application and get a reverse shell from the compromised application * Sensitive information disclosure from the metadata endpoints Incident Response * Detection and Response * Utilize VPC flow logs to monitor network traffic and detect suspicious activities, such as unexpected connections or unusual data transfer patterns. * Implement real-time monitoring using Pub/Sub to receive alerts and notifications about potential security incidents or abnormal behavior in Cloud Run instances. * Investigate alerts promptly and analyze metadata endpoints for any signs of sensitive information disclosure or unauthorized access attempts. * Leverage Security Command Center for Threat Detection * Containment and Eradication * Upon detection of a deserialization vulnerability exploit or a reverse shell, immediately isolate the compromised Cloud Run instance to prevent further unauthorized access. * Utilize firewall rules to block incoming and outgoing connections associated with the compromised instance and prevent the reverse shell from communicating with external servers. * Apply IAM deny policies to restrict access to sensitive resources and prevent unauthorized actions from the compromised service account. * Recovery * Implement a fix to address the YAML deserialization vulnerability in the application deployed on Cloud Run instances. * Enhance application security by adding authentication via GCP Identity-Aware Proxy (IAP) to prevent unauthorized access to sensitive endpoints and data. * Restore the compromised Cloud Run instance from a clean backup or rebuild it with least-privileged service account permissions and hardened configurations. * Conduct a post-incident review to identify lessons learned and update incident response procedures, security controls, and employee training to improve the organization's resilience against similar attacks in the future. Defense Story Concept Coverage * Fix that prevents the YAML deserialization attack * Add the Authentication to the application via GCP IAP * Prevent the reverse shell using firewall rules * IAM Deny Policies * Run service with a least-privi

Supply Chain risks are everywhere. We’ve seen a burst of supply chain exploits against organizations, totaling billions of dollars of value lost. Supply-chain security and implementation is essential and required by regulation. However, pentesters and red-teams must understand how they can leverage supply-chain attacks against applications, to further strengthen their defense implementations against it.

This training is a deep hands-on, red-team exploration of application supply-chains. We commence with an understanding of application supply chains, and subsequently dive into story-driven scenarios of exploiting supply-chains like exploiting CI systems, and build systems. Container infrastructure and cloud-native infrastructure hosted on Kubernetes, AWS, and Azure.

People learn better with stories. Our exploit and lateral movement scenarios are intricately designed labs that are backed by real-world stories that help students understand this subject-matter a lot better. This training was sold out at Blackhat USA 2023 with a 4.8/5 Rating

**NOTE:Conference and training tickets are separate purchases.

This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.

Long are the days since web servers were run by perl scripts and desktop apps written in Delphi. What is common between Walmart, eBay, PayPal, Microsoft, LinkedIn, Google and Netflix? They all use Node.js: JavaScript on the server. What is common between Microsoft Teams, Skype, Bitwarden, Slack and Discord? All of them are written in Electron: JavaScript on the client. Modern Web and Desktop apps share traditional attack vectors and also introduce new opportunities to threat actors. This course will teach you how to review modern web and desktop apps, showcasing Node.js and Electron but using techniques that will also work against any other web or desktop app platform. Ideal for Penetration Testers, Web and Desktop app Developers as well as everybody interested in JavaScript/Node.js/Electron app security.

Get a FREE taste for this training, including access to video recording, slides and vulnerable apps to play with:

1.5 hour workshop - https://7asecurity.com/free-workshop-desktop-apps
1 hour workshop - https://7asecurity.com/free-workshop-web-apps

All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support and lifetime access to training portal with step-by-step video recordings and interesting apps to practice, including all future updates for free.

Teaser Video: https://www.youtube.com/watch?v=Qckegc2gbfo

(Available as hybrid - in Person or online)

This three-day hands-on course teaches penetration testers and developers how to analyse Android and iOS applications for security vulnerabilities by going through the different phases of testing, including dynamic testing, static analysis, reverse engineering and Software Composition Analysis (SCA), using the OWASP Mobile Application Security Testing Guide (MASTG).

The OWASP MASTG is a comprehensive and open source guide to mobile security testing for both iOS and Android, providing a methodology and very detailed technical test cases to ensure completeness and using the latest attack techniques against mobile applications.

This course will give you hands-on experience with open source tools and advanced methodologies by guiding you through real-world scenarios.

## Detailed outline

We'll start the first day with an introduction to the OWASP MASVS and MASTG and the latest updates to it and then dive into the Android platform and its security architecture. Students will no longer be required to bring their own Android device, instead each student will be provided with a cloud-based virtualised Android device from Corellium.

Topics include:
- Intercepting network traffic from apps written in mobile app frameworks such as Google's Flutter
- Reverse engineering a Kotlin app and identifying and exploiting a real-world deep link vulnerability through manual source code review.
- Explore the differences and effectiveness of reverse engineering Android apps using Smali patching, Magisk and Dynamic Instrumentation with Frida
- Frida crash course to get started with dynamic instrumentation on Android apps
- Bypass different implementations of SSL pinning using Frida
- Use dynamic instrumentation with Frida to
- Bypass multiple root detection mechanisms
- Bypass Frida detection mechanisms -

Day 1 will be closed with a Capture the Flag (CTF)

On day 2 we wrap up Android and start with iOS and we will use a Github repo to trigger static scanning, SCA and secret scanning on Kotlin and Swift:
Android: - Analyse the storage of an Android app and understand the various options on how and where files can be stored (app-specific, shared storage etc.)
- Using Brida (Frida and Burp) to bypass End2End encryption in an Android App
- Static Scanning of Kotlin source code, identifying vulnerabilities and eliminating false positives
- Scanning for secrets in an APK iOS:
- Introduction into iOS Security fundamentals
- Scanning for secrets in a Swift repository and identifying ways to handle them securely.
- Software Composition Analysis (SCA) for iOS
- Scanning 3rd party libraries and SDKs in mobile package managers for known vulnerabilities and mitigation strategies.
- Statically scanning Swift source code, identifying vulnerabilities and eliminating false positives.
- Demonstration on how to test watchOS apps and it's limitations

Day 3 focuses on iOS.
We will begin the day by creating an iOS test environment using Corellium and dive into several topics, including:
- Intercepting network traffic of an iOS App in various scenarios, including intercepting traffic that is not HTTP
- Examining stateless authentication (JWT) in a mobile app
- A Frida crash course to get started with dynamic instrumentation for iOS applications
- Analyse the storage of an iOS app and understand the various options on how (Realm databases etc.) and where files can be stored.
- Testing methodology with a non-jailbroken device by repackaging an IPA with the Frida gadget
- Using Frida to bypass runtime instrumentation of iOS applications
- Anti-Jailbreaking Mechanisms
- Frida's detection mechanism We'll wrap up the final day with a "Mobile Hacking Scavenger Hunt." This unique CTF will feature not just mobile apps but also physical art objects, which we refer to as "hackable artworks". Whether you are a beginner who wants to learn mobile app testing from the ground up, or an experienced pentester or developer who wants to improve your existing skills to perform more advanced attack techniques, or just for fun, this training will help you achieve your goals.

The course consists of many different labs developed by the instructor and is approximately 65% hands-on and 35% lecture. Upon successful completion of this course, students will have a better understanding of how to test for vulnerabilities in mobile applications, how to suggest the right mitigation techniques to developers, and how to perform tests consistently.

### What students should bring

The following requirements must be met by students in order to be able to follow all exercises and participate fully:
- Laptop (Windows/Linux/macOS) with at least 8GB of RAM and 40GB of free disk space.
- Full administrative access in case of problems with the laptop environment (e.g. ability to disable VPN or AV/EDR) - Virtualisation software (e.g. VMware, VirtualBox, UTM); a virtual machine will be provided for X86 and ARM architecture (for M1/M2/M3 MacBooks) with all tools required for the training.
- Ideally a tablet to have a second screen for the practical lab slides when doing the hands-on sessions.
- Github account is needed (free account is sufficient) to fork a repository

An iOS and Android device is NOT required as an emulated instance is provided for each student hosted at Corellium. This is a cloud-based environment that allows each student access to a jailbroken iOS device and a rooted Android device during the training.

### What students will receive
- Slide decks for the iOS and Android training and all videos for all demonstrations shared in class.
- All vulnerable apps used during the training, either as APK or IPA.
- Detailed write-ups for all labs so you can review them at your own pace after the course.
- Dedicated Slack channel used to help students prepare before the course, communicate during the course and stay in touch after the course for any questions.
- Certificate of completion.

## What prerequisites should students have before attending this training?
- This course is for Beginners and Intermediate
- Basic understanding of mobile apps
- Able to use Linux command line

## Biography of the trainer Sven: is a co-founder of Bai7 GmbH in Austria, which is specialized in mobile app trainings and advisory. He has expertise in cloud security, offensive security engagements (Penetration Testing) and Application Security, notably in guiding software development teams across Mobile and Web Applications throughout the Software Development Life Cycle (SDLC) to integrate robust security measures in from the start. Besides his day job, Sven is involved with the Open Worldwide Application Security Project (OWASP) since 2016. As a co-project leader and author, he has significantly contributed to the OWASP Mobile Application Security Testing Guide (MASTG) and the OWASP Mobile Application Security Verification Standard (MASVS).

This course provides the knowledge and resources required to evaluate the security of web applications. The participants, through the understanding of theory and a strong focus on practical exercises, will be able to identify critical vulnerabilities in web applications, understand how exploitation works and learn how to implement the necessary corrective measures. The course is aligned with the OWASP 10 2021, a world-renowned reference document which describes the most critical web application security flaws.

The topics covered include:
- Introduction to Web Application Security
- Technologies used in Web Applications
- The Security Tester Toolkit
- Critical Areas in Web Applications
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server Side Request Forgery (SSRF)

Format: The course combines theory and hands-on practical exercises. The participants start by learning about web application vulnerabilities. They are then given access to a purpose-built web application environment that contains the bugs and coding errors they have learned about. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities in a safe environment.

SAMM User Day Requires a separate ticket purchase