Free Workshop: RCE & Prototype Pollution on Node.js applications

Posted on by Admin

Come and join us for Free Workshop: RCE & Prototype Pollution on Node.js applications on April 15 @ 18:00 – 19:00 CET . This Free Workshop is a prelude to the complete course “Hacking Modern Web apps: Master the Future of Attack Vectors“. We’re sure you’ll leave with a thirst for more!

The complete course is a web security course that provides you with case studies from real-world vulnerable applications as well as know-how and techniques to take your websec kung-fu to the next level. In this brief workshop we cover RCE & Prototype Pollution. Also, we explain what the course covers and give you a few lab samples with the following topics:

  • RCE options against Node.js applications
  • Introduction to Prototype Pollution
  • Prototype Pollution attacks in practice

All attendants will be provided with training portal access to practice the attack vectors covered. This includes:

  • Lifetime access to a training portal
  • Vulnerable apps to practice
  • Guided exercise PDFs
  • Video recording explaining how to solve the exercises.

Finally, the free workshop will be followed by 2 x 4hr live training sessions on  April 20-21 @ 17:00 – 21:00 CET

Live Training: Hacking Modern Web Apps: Master the Future of Attack Vectors

RCE & Prototype Pollution on Node.js applications

Audience level

By and large, from new to advanced, content should keep all skill levels happy

Presented by:

Abraham Aranguren: After 13 years in itsec and 20 in IT Abraham is now the CEO of 7asecurity.com. A company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Previously senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Also the creator of “Practical Web Defense” – a hands-on eLearnSecurity attack / defense course (www.elearnsecurity.com/PWD). Additionally, OWASP OWTF project leader, an OWASP flagship project (owtf.org).

As a Security trainer, Abraham has conducted trainings at various events such as Blackhat USA, HITB, OWASP Global AppSec. Finally, as a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. Also, he writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications.

For the most up-to-date information about upcoming training events, including free workshops, check this.

LINKEDIN
Blog