Given the success of previous sessions, we are doing another free live stream in May!
Hacking JavaScript Desktop Apps with XSS and RCE with 7ASecurity & John Hammond.
100% practical information, fully hands on to take your appsec kung-fu to the next level.
Hacking JavaScript Desktop apps with XSS and RCE
May 26, 18:00 – 19:00 CEST
A fine workshop that walks you through some awesome topics about Electron security. Topics covered include:
- Essential techniques to audit Electron applications
- Finding Vulnerabilities in Dependencies, Configuration & Source Code
- Introducing ElectroNegativity (SCA)
- Basics of Electron XSS exploitation
- Exploiting nodeIntegration
- Electron XSS / RCE Mitigation essentials
- Attacking preload scripts
- RCE via IPC
All action, no fluff, this workshop provides you with case studies from real-world vulnerable applications.
Join us on March 7 to learn the techniques to take your desktop app security auditing kung-fu to the next level.
Can’t come or need a head start? Get the Free desktop workshop here!
What do you get?
- Access to Free Live Online Workshops in February
- Lifetime access to a training portal
- Vulnerable apps to practice
- Guided exercise PDFs
- Video recording explaining how to solve the exercises
- Free access to all future updates
- Certificate of Attendance on attending the Live workshop
About the Speaker Note:
Abraham Aranguren: After 13 years in it sec and 20 in IT Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Also a distinguished Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Co-Author and supervisor of all 7ASecurity courses, covering Web, Mobile and JavaScript Desktop app security. Creator of “Practical Web Defense” (PWD) – a hands-on attack / defense course. OWASP OWTF project leader, an OWASP flagship project owtf.org. Formerly a senior penetration tester / team lead at Cure53 and Version1.
As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. He writes on Twitter as @7asecurity @7a_ @owtfp and 7asecurity Blog. Multiple presentations, pentest reports and recordings can be found here.
For the most up-to-date information about upcoming training events & Free online workshops check the training page.
