Come and join us for Free Workshop: RCE & Prototype Pollution on Node.js applications on April 15 @ 18:00 – 19:00 CET . This Free Workshop is a prelude to the complete course “Hacking Modern Web apps: Master the Future of Attack Vectors“. We’re sure you’ll leave with a thirst for more!
The complete course is a web security course that provides you with case studies from real-world vulnerable applications as well as know-how and techniques to take your websec kung-fu to the next level. In this brief workshop we cover RCE & Prototype Pollution. Also, we explain what the course covers and give you a few lab samples with the following topics:
- RCE options against Node.js applications
- Introduction to Prototype Pollution
- Prototype Pollution attacks in practice
All attendants will be provided with training portal access to practice the attack vectors covered. This includes:
- Lifetime access to a training portal
- Vulnerable apps to practice
- Guided exercise PDFs
- Video recording explaining how to solve the exercises.
Finally, the free workshop will be followed by 2 x 4hr live training sessions on April 20-21 @ 17:00 – 21:00 CET
By and large, from new to advanced, content should keep all skill levels happy
Abraham Aranguren: After 13 years in itsec and 20 in IT Abraham is now the CEO of 7asecurity.com. A company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Previously senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Also the creator of “Practical Web Defense” – a hands-on eLearnSecurity attack / defense course (www.elearnsecurity.com/PWD). Additionally, OWASP OWTF project leader, an OWASP flagship project (owtf.org).
As a Security trainer, Abraham has conducted trainings at various events such as Blackhat USA, HITB, OWASP Global AppSec. Finally, as a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. Also, he writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications.
For the most up-to-date information about upcoming training events, including free workshops, check this.