Hacking Modern Web apps with RCE & Prototype Pollution is an all action, no fluff workshop for those who enjoy workshops with practical information. To sum up, this brief workshop is a curtain raiser to the main course Hacking Modern Web apps: Master the Future of Attack Vectors.
In short, we explain what the course covers by walking you through some lab samples covering the following topics:
- RCE options against Node.js applications
- Introduction to Prototype Pollution
- Prototype Pollution attacks in practice
Moreover, attendants will be provided with training portal access to practice the attack vectors covered. This includes:
- Lifetime access to the training portal
- Vulnerable apps to practice
- Guided exercise PDFs
- Video recording explaining how to solve the exercises
Come and join us for this 60-minute hacking session, we’re sure you’ll leave with a thirst for more!
Finally, the free workshop will be followed by 2 x 4h live training sessions on February 16-17th 2021, 17:00 – 21:00 CET
Live Training : Hacking Modern Web Apps: Master the Future of Attack Vectors
Come and have fun with us! 🙂
By and large, from new to advanced, content should keep all skill levels happy
Abraham Aranguren: After 13 years in itsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com). A company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. As well as security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Previously senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Also, creator of “Practical Web Defense” – a hands-on eLearnSecurity attack / defense course (www.elearnsecurity.com/PWD). Additionally, OWASP OWTF project leader, an OWASP flagship project (owtf.org). Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. Finally, as a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity@7a_@owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications
For the most up-to-date information about upcoming training events, including free workshops, check this.