3-Day Training Mastering Burp Suite Pro Course (Amsterdam, Netherlands - May 6th-8th, 2019) - ResearchAndMarkets.com
DUBLIN--(BUSINESS WIRE)--Mar 4, 2019--The “3-Day Training: Mastering Burp Suite Pro: 100% Hands-On” training has been added to ResearchAndMarkets.com’s offering.
Burp Suite Pro is the leading tool for auditing Web applications at large. Its users are mainly penetration testers, QA people, or advanced developers. Mastering Burp Suite allows users to get the most out of the tool, optimizing time spent. Work will be faster, more effective and more efficient. What’s more, advanced automation techniques allow detection of additional vulnerabilities whether complex or subtle. Attendees will also learn to measure the quality of their attacks, a crucial skill in real-life engagements.
Most features included in the tool are covered, including the recent ones like Collaborator (out-of-band interactions) and Infiltrator (IAST of Java and .Net applications). Alternative strategies and techniques will be demonstrated, giving a wider view of available functionalities.
Tons of challenges are available (even after the training!), covering classic web applications, of course, but also thin clients, mobile applications, realistic APIs, e-commerce platforms,
Key Learning Objectives
What to expect
- 3 days of hands-on practice!
- Slidedeck (more than 500 pages)
- Copy of the training infrastructure (~20 containers and hundreds of challenges)
- A temporary Burp Suite Pro license (if needed) and some goodies
What NOT to expect
- A Web penetration testing methodology: the goal is to master the toolbox
Every trainee goes through the main set, composed of nearly 60 challenges. Plenty of additional ones are available, depending on your speed, taste, skills and professional needs. No way to get bored!
Among the available challenges: complex brute-force, data extraction, support of custom formats, automatic management of anti-CSRF tokens, weak cryptography, webhooks, NoSQL injections, authorization bugs, aggressive disconnection, JWT-authenticated APIs, arbitrary Java deserialization, blind stored XSS, instrumented Java applications, strict workflows,
The challenges are hosted in a Docker infrastructure (~20 containers) which is made available to all trainees right after the training session. It’s super easy to use: install Docker, run a few commands, enjoy the challenges!
Key Topics Covered:
Agenda - Day 1:
The first day is spent on well-defined tasks where the goal is to find flags, like in CTF contests. We practice basic automation using tools like Proxy, Repeater and Intruder:
- Introduction to Burp (GUI, tools, shortcuts, inline help)
- Proxy (defining the scope, filtering and sorting data)
- Repeater (exploitation of the D-Link DIR-100 backdoor, efficiency tips)
- Intruder (most payload types, anti-CSRF tokens without macros, data extraction)
Agenda - Day 2:
On the second day, challenges get more complex: solving them requires a good understanding of the underlying application and the usage of multiple Burp Suite tools:
- Advanced Intruder (customized wordlists, exporting results, time-based feedback)
- Advanced Proxy (live modifications, interception and manual analysis, )
- Data frobbing (dealing with opaque chunks of data)
- Macros and Sessions (anti-CSRF tokens, short-lived sessions, strict workflows)
Agenda - Day 3:
The third and last day is quite different from previous ones. After introducing numerous advanced subjects, I invite students to select the ones they are interested in. They then spend the day working on whatever subjects they picked. Among the presented subjects:
- Highly useful extensions and third-party tools
- Tools for authentication and authorization audits
- Advanced automation (AngularJS and blind XSS, dynamic external references)
- Web Services (SOAP and REST interfaces, JWT authentication via macros)
- OOB communication via Collaborator (set up your own instance, interact manually)
- IAST with Infiltrator (instrumented versions of Jenkins and WebGoat are available)
- Automated and headless usage (fine tuning, using REST interfaces, )
- Advanced Web exploitation (Java deserialization, weak cryptography, complex macros)
For more information about this training visit https://www.researchandmarkets.com/research/pgm77q/3day_training?w=4
View source version on businesswire.com: https://www.businesswire.com/news/home/20190304005724/en/
Laura Wood, Senior Press Manager
SOURCE: Research and Markets
Copyright Business Wire 2019.
PUB: 03/04/2019 11:27 AM/DISC: 03/04/2019 11:27 AM