This is a hands-on training which covers a broad scope of vulnerabilities that can be found in Web applications. The objective is to provide participants with the methodology and tools required in order to assess a Web application. It is tailored for developers or junior security engineers who want to start their journey in attacking and compromising Web applications. It does not dive in-depth into specific vulnerabilities, but rather covers a broad spectrum of issues to provide the participants with a basic understanding of all the relevant topics.
Workshop
Web Application Security
March 11th & 12th, 2025
2 days training, by Alain Mowat
This training will be given in ENGLISH
Normal price: CHF 2000.-
Student price: CHF 1500.- (limited availability)
Description
About the trainer
Alain Mowat joined SCRT in 2008 as a penetration tester and is now leading the pentesting team in the same company. While still performing various engagements throughout the year, Alain is also dedicated to exploring new approaches to be used by the offensive security industry to better secure client infrastructures.
Aside from these activities, Alain was an active member in the 0daysober CTF team that finished 3rd at DEFCON CTF in 2015 and has responsibly disclosed vulnerabilities in multiple products such as Citrix NetScaler, SonicWall SRA & SMA, Barracuda, Twitter and McAfee’s ePolicy Orchestrator.
Alain is also responsible for giving Web and general security awareness trainings at SCRT and has presented at several Swiss conferences, such as Insomni’hack, Secure IT VS and CyberSecurity Alliance.
Course outline
Introduction
- Overview of technologies in use
- Encodings
- Introduction to BurpSuite
Information gathering
- Generic information gathering
- Specific information gathering
Entry point analysis
- Identifying entry points
- Analysing entry points
- Fuzzin entry points
Authentication & Authorisations
- Session issues
- Authentication issues
- Delegating authentication
- SAML
- Oauth2/OIDC
- JWT
- Access control
- Function
- Resource-based
Server-side attacks
- Injections
- XML
- Path traversal
- Server-Side Request Forgery
- Deserialization
- Race conditions
Client-side attacks
- Same Origin Policy
- Cross-Origin Resource Sharing
- PostMessage API
- JSONP
- Cross-Site Scripting
- Cross-Site Request Forgery
- Websockets
Infrastructure attacks
- Attacking encryption mechanisms
- Request smuggling
- Cache poisoning
Course requirements
Basic knowledge of Web technologies