Advanced Web Application Security

This year’s advanced Web application security training is given by none other than world-famous and Montreal-local Philippe Arteau. Philippe built a corpus that covers many recent Web vulnerabilities, with exercises in several popular languages.

Training sessions pricing and details

Class description

When conducting a penetration test for a Web application, knowledge of technology-specific caveats becomes crucial. Knowing exploitation basics is often insufficient to be effective. For these reasons, we are proposing a practical three-day workshop that focuses on the exploitation of Web applications. The training will cover various vulnerabilities with technology-specific patterns.

Exercises will be based on high-profile vulnerabilities reported publicly (bug bounty and CVEs from popular software). The workshop will provide tips on automation with Burp skeleton plugins. The exploitation will often be complemented with code review exercises.

The target audience is pentesters, security researchers, and developers with Web security knowledge.

Topics covered

  • Advanced XSS (DOM, Angular, CSP-Bypass)
  • Malicious file format uploads (beyond Web shells)
  • Server-Side Request Forgery (SSRF)
  • XML External Entity (XXE)
  • Template injection (Java, PHP, Ruby)
  • Deserialization bugs (Java, PHP)
  • HQL Injection (Hibernate Query Language)
  • ActiveRecord Injection (Ruby)
  • Burp extension creation with Skeleton plugins
  • Padding Oracle Attack
  • Code Review in PHP, Ruby, .NET and Java

Requirements

  • Laptop with a modern Operating System
  • Experience using an attack proxy tool like Burp, ZAP or Fiddler
  • Recommended: Burp Pro license
  • Sublime, Notepad++ or a text editor of your choice

Provided to students

  • Cloud-based vulnerable environment
  • Vulnerable code samples
  • Exploitation cheat sheets

Instructor Bio

Philippe is a security researcher working for GoSecure. His research is focused on Web application security. He is the author of the widely used Java static analysis tool Find Security Bugs. He created a static analysis tool for .NET called Roslyn Security Guard. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and a few others.

He presented at several conferences including Black Hat USA, Black Hat Europe, ATLSecCon, NorthSec, Hackfest (QC) and JavaOne. He has discovered many vulnerabilities in popular software including Google Chrome, Dropbox, PayPal, RunKeeper and Jira.