Introductory Hands on Web Application Penetration Testing
by Pam O'Shea
For this course you will need to be comfortable with the Linux command line and have built a basic website with a database back-end, so that you have the concepts needed.
We will be packing in the topics over the two days with lots of hands-on fun. At the end of the course you will have all the skills you need to self-study and resources to keep deepening your knowledge, as well as a good methodology to begin testing or bug bounty hunting.
Topic 1: Information Gathering and OSINT
Topic 2: Introduction to web applications testing, issues and tools
Topic 3: Cross Site Scripting (XSS) detection and exploitation
Topic 4: SQL Injection detection and exploitation
Topic 5: Insecure direct object references (IDOR) and exploiting file uploads
Topic 6: XML External Entity (XXE) attacks
Topic 7: Insecure Deserialisation attacks
Topic 8: Bug Bounty Methodologies, CTFs and putting it all together
Who will benefit the most from this course
This hands-on course is for anyone wishing to break into the technical security field. For anyone unfamiliar with the Linux command line wishing to join this course, we will send out reading materials that cover all the basics, and there will also be a 30-minute primer at the start of Day 1 for anyone with questions.
About the Trainer
Dr. Pamela O'Shea is director of Shea Information Security, providing security consulting and penetration testing services for Australian clients. Pamela is a sessional lecturer for the RMIT master's programme in cyber security and co-organises the OWASP AppSecDay conference on application security. Pamela is on the review board for Black Hat Asia and BSides Canberra. In addition, Pamela provides penetration testing classes and mentorship to women keen to break into the technical security field. Outside of consulting, teaching and research, Pamela has an interest in radio and satellite communications and runs the Melbourne CyberSpectrum meetup on Software Defined Radio, as well as technical workshops and talks at Australia's hacker conferences.