Hacking Modern Web apps with RCE & Prototype Pollution: Free Workshop – Feb 11

Hacking Modern Web apps with RCE & Prototype Pollution is an all action, no fluff workshop for those who enjoy workshops with practical information. To sum up, this brief workshop is a curtain raiser to the main course Hacking Modern Web apps: Master the Future of Attack Vectors.

In short, we explain what the course covers by walking you through some lab samples covering the following topics:

  • RCE options against Node.js applications
  • Introduction to Prototype Pollution
  • Prototype Pollution attacks in practice

Moreover, attendants will be provided with training portal access to practice the attack vectors covered. This includes:

  • Lifetime access to the training portal
  • Vulnerable apps to practice
  • Guided exercise PDFs
  • Video recording explaining how to solve the exercises

Come and join us for this 60-minute hacking session, we’re sure you’ll leave with a thirst for more!

Finally, the free workshop will be followed by 2 x 4h live training sessions on February 16-17th 2021, 17:00 – 21:00 CET

Live Training : Hacking Modern Web Apps: Master the Future of Attack Vectors

Come and have fun with us! 🙂

Hacking Modern Web apps with RCE & Prototype Pollution: Free Workshop

Audience level

By and large, from new to advanced, content should keep all skill levels happy

Presented by:

Abraham Aranguren: After 13 years in itsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com). A company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. As well as security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Previously senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Also, creator of “Practical Web Defense” – a hands-on eLearnSecurity attack / defense course (www.elearnsecurity.com/PWD). Additionally, OWASP OWTF project leader, an OWASP flagship project (owtf.org). Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. Finally, as a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity@7a_@owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications

For the most up-to-date information about upcoming training events, including free workshops, check this.