Here are the details about the upcoming Free Mobile & Web app Security Workshops in March & April!
Don’t miss out on your monthly dose of free online workshops! Packed with actionable information derived from real-world penetration testing, the workshops take your InfoSec Kung-Fu to the next level, no BS!
- March 31: Practical Mobile app attacks by Example
- April 22: Hacking Modern Web apps with RCE and Prototype Pollution
Workshop 1, March 31: Practical Mobile app attacks by Example
Tune in to get a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps. This workshop is an entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public.
Attendants will be provided with:
- Years of mobile pentesting experience in only a couple of hours! 🙂
- Slides with step-by-step instructions for all exercises
- Recording
- Test Apps to practice the attack vectors discussed
- Including multiple mobile app attack surface attacks
- Deeplinks and mobile app data exfiltration with XSS
With case studies on security issues in password vaults, privacy browsers and government mandated apps, this workshop all action, no fluff :). So join us if you are the kind of person who enjoys workshops with practical information.
Also, joining us on this one will be John Hammond, senior cybersecurity researcher, educator and content creator. Don’t forget to check out John’s YouTube channel as we deep dive into Mobile app security issues.
Can’t make it? need a head start? Find the Free Mobile workshop here!
Workshop 2, April 22: Hacking Modern Web apps with RCE and Prototype Pollution
Get a first hand experience in the latest Web hacking techniques and the know how to develop and secure Node.js apps. This workshop is for Web app Developers & Pentester’s and covers the following topics:
- RCE options against Node.js applications
- Introduction to Prototype Pollution
- Prototype Pollution attacks in practice
Add to that case study of a real-world vulnerable application, where we bisect BoltCMS (CSRF to XSS to RCE). So don’t wait and join us to be part of this hands on workshop on April 21.
Can’t make it? need a head start? Find the Free Web workshop here!
What do you get?
- Access to Free Live Online Workshops
- Lifetime access to all workshop materials
- Vulnerable apps to practice
- Guided exercise PDFs
- Video recording explaining how to solve the exercises
- Free access to all future updates
- Certificate of Attendance on attending the Live workshop
About the Speaker Note:
Abraham Aranguren: After 13 years in it sec and 20 in IT Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Also a distinguished Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Co-Author and supervisor of all 7ASecurity courses, covering Web, Mobile and JavaScript Desktop app security. Creator of “Practical Web Defense” (PWD) – a hands-on attack / defense course. OWASP OWTF project leader, an OWASP flagship project owtf.org. Formerly a senior penetration tester / team lead at Cure53 and Version1.
As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. He writes on Twitter as @7asecurity @7a_ @owtfp and 7asecurity Blog. Multiple presentations, pentest reports and recordings can be found here.
For the most up-to-date information about upcoming training events & Free online workshops check the training page.
