Introductory Hands-on Web Application Penetration Testing

by Pam O'Shea

For this course you will need to be comfortable with the Linux command line and to have built a basic website with a database back-end, so that you have the concepts needed.

We will be packing in the topics over the two days with lots of hands-on fun. At the end of the course you will have all the skills you need to self-study and resources to keep deepening your knowledge, as well as a good methodology to begin testing or bug bounty hunting.


Topic 1: Information Gathering and OSINT

Topic 2: Introduction to web application testing, issues and tools

Topic 3: Cross Site Scripting (XSS) detection and exploitation

Topic 4: SQL Injection detection and exploitation

Topic 5: Insecure direct object references (IDOR) and exploiting file uploads

Topic 6: XML External Entity (XXE) attacks

Topic 7: Insecure Deserialisation attacks

Topic 8: Bug Bounty Methodologies, CTFs and putting it all together

Who will benefit the most from this course

This hands-on course is for anyone wishing to break into the technical security field. For anyone unfamiliar with the Linux command line wishing to join this course, we will send out reading materials that'll cover all the basics and there will also be a 30 minute primer at the start of Day 1 for anyone with questions.

About the Trainer

Dr. Pamela O'Shea is director of Shea Information Security, providing security consulting and penetration testing services for Australian clients. Pamela is a sessional lecturer for the RMIT master's programme in cyber security and co-organises the OWASP AppSecDay conference on application security. Pamela is on the review board for Black Hat Asia and BSides Canberra. In addition, Pamela provides penetration testing classes and mentorship to women keen to break into the technical security field. Outside of consulting, teaching and research, Pamela has an interest in radio and satellite communications and runs the Melbourne CyberSpectrum meetup on Software Defined Radio, as well as technical workshops and talks at Australia's hacker conferences.

