Hacking JavaScript Desktop Apps with John Hammond!

Given the success of previous sessions, we are doing another free live stream in May!

Hacking JavaScript Desktop Apps with XSS and RCE with 7ASecurity & John Hammond.

100% practical information, fully hands on to take your appsec kung-fu to the next level.

Hacking JavaScript Desktop apps with XSS and RCE
May 26, 18:00 – 19:00 CEST

A fine workshop that walks you through some awesome topics about Electron security. Topics covered include:

  • Essential techniques to audit Electron applications
  • Finding Vulnerabilities in Dependencies, Configuration & Source Code
  • Introducing ElectroNegativity (SCA)
  • Basics of Electron XSS exploitation
  • Exploiting nodeIntegration
  • Electron XSS / RCE Mitigation essentials
  • Attacking preload scripts
  • RCE via IPC

All action, no fluff, this workshop provides you with case studies from real-world vulnerable applications.

Join us on March 7 to learn the techniques to take your desktop app security auditing kung-fu to the next level.

Can’t come or need a head start? Get the Free desktop workshop here!

Hacking JavaScript Desktop Apps
What do you get?
  • Access to Free Live Online Workshops in February
  • Lifetime access to a training portal
  • Vulnerable apps to practice
  • Guided exercise PDFs
  • Video recording explaining how to solve the exercises
  • Free access to all future updates
  • Certificate of Attendance on attending the Live workshop

About the Speaker Note:

Abraham Aranguren: After 13 years in it sec and 20 in IT Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Also a distinguished Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Co-Author and supervisor of all 7ASecurity courses, covering Web, Mobile and JavaScript Desktop app security. Creator of “Practical Web Defense” (PWD) – a hands-on attack / defense course. OWASP OWTF project leader, an OWASP flagship project owtf.org. Formerly a senior penetration tester / team lead at Cure53 and Version1.

As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. He writes on Twitter as @7asecurity @7a_  @owtfp and 7asecurity Blog. Multiple presentations, pentest reports and recordings can be found here.

For the most up-to-date information about upcoming training events & Free online workshops check the training page.