Tired of bad news? Here’s some free training! 🙂
Join now to take advantage of two Free Live Online Workshops in December. Get introduced to Desktop & Mobile App Security by the best. 100% hands on, these workshops are filled with practical information that you can immediately apply to work, no boring theories about the universe 😉
Hacking JavaScript Desktop apps with XSS & RCE
Get introduced to XSS and learn how to turn XSS into RCE in JavaScript desktop apps. This 60 minute workshop is packed with case studies from real-world vulnerable applications. Also, covers attacks and mitigation against desktop apps on Linux, Windows and Mac OS X.
Topics Covered:
- Essential techniques to audit Electron applications
- What XSS means in a desktop application
- How to turn XSS into RCE in Modern apps
- Attacking preload scripts
- RCE via IPC
Join now to be part of this Free 60 minute workshop on December 9th, 2021 at 18:00 – 19:00 CET.
Cannot make it or need a head start? Get the Free Desktop Workshop here.
Deep Links & XSS in Android and iOS apps
Take a deep dive into Android & iOS security and explore Deep Link attacks & data exfiltration with XSS. Broaden your knowledge of mobile security with actionable information derived from real-world penetration testing of mobile apps.
Topics Covered:
- Deep Link attacks achieving user impersonation
- Bypass authorization controls using deep Link attacks
- Deep Link attacks to make phone calls
- XSS attacks and data exfiltration on Android & iOS
Join now to get a chance to attend this live workshop on December 16th, 2021 at 18:00 – 19:00 CET.
Cannot make or need a head start? Get the Free Mobile workshop here.
What do you get?
- Access to Free Live Online Workshops
- Lifetime (!) workshop access
- Free access to all future updates (!!)
- Vulnerable apps to practice
- Guided exercise PDFs
- Video recording explaining how to solve the exercises
- (Optional) Certificate of Attendance
About the Speaker Note:
Abraham Aranguren: After 13 years in it sec and 20 in IT Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Also a distinguished Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Co-Author and supervisor of all 7ASecurity courses, covering Web, Mobile and JavaScript Desktop app security. Creator of “Practical Web Defense” (PWD) – a hands-on attack / defense course. OWASP OWTF project leader, an OWASP flagship project owtf.org. Formerly a senior penetration tester / team lead at Cure53 and Version1.
As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. He writes on Twitter as @7asecurity @7a_ @owtfp and 7asecurity Blog. Multiple presentations, pentest reports and recordings can be found here.
For the most up-to-date information about upcoming training events & Free online workshops check the training page.