Training: Assessing and Exploiting Web applications with samurai-WTF

Between 30 June and 4 July 2013, Justin Searle will deliver the training "Assessing and Exploiting Web applications with samurai-WTF" in Istanbul, organised in cooperation between BlueKaizen & BGA.

To register for the training at a discounted rate, it is sufficient to enter the code BGASAMURAI during registration.

For detailed information about the training, you can visit http://bluekaizen.org/profile/bk_courses/c2.php.

The training language is English.

Training Topics:

o Samurai-WTF Project and Distribution
– About the Project
– Using the Live-DVD
– Joining the Project
o Web Application Assessment Methodology
– Pentest Types and Methods
– Formal Four Step Methodology
– Overview of Web Applications Security Vulnerabilities
o Mapping Tools
– Overview of Mapping
– Port Scanning and Fingerprinting (Labs: nmap, zenmap, Yokoso!)
– Web Service Scanning (Labs: Nikto)
– Spidering (Labs: wget, curl, Zed Attack Proxy, WebScarab, BurpSuite)
– Discovering “Non-Discoverable” URLs (Labs: DirBuster)
o Discovery Tools
– Using Built-in Tools (Labs: Page Info, Error Console, DOM Inspector, View Source)
– Poking and Prodding (Labs: Default User Agent, Cookie Editor, Tamper Data)
– Interception Proxies (Labs: Zed Attack Proxy, WebScarab, BurpSuite)
– Semi-Automated Discovery (Labs: Zed Attack Proxy, Rat Proxy)
– Automated Discovery (Labs: Zed Attack Proxy, w3af)
– Dictionary File Creation (Labs: CeWL)
– Fuzzing (Labs: Zed Attack Proxy, JBroFuzz, BurpIntruder)
– Finding XSS (Labs: TamperData, Zed Attack Proxy)
– Finding SQL Injection (Labs: Zed Attack Proxy, sqlmap)
– Decompiling Flash Objects (Labs: Flare)
o Exploitation Tools
– Username Harvesting (Labs: ZAP, FuzzDB)
– Brute Forcing Passwords (Labs: ZAP, FuzzDB)
– Command Injection (Labs: w3af)
– Exploiting SQL Injection (Labs: SQLMap, Laudanum)
– Exploiting XSS (Labs: BeEF)
– Advanced exploitation through tool integration (Labs: Zed Attack Proxy + sqlmap, BeEF + Metasploit)