From 30 June to 4 July 2013, the training "Assessing and Exploiting Web applications with samurai-WTF" will be given by Justin Searle in Istanbul, in cooperation between BlueKaizen & BGA.
To register for the training at a discount, simply enter the code BGASAMURAI during registration.
For detailed information about the training, visit http://bluekaizen.org/profile/bk_courses/c2.php.
The training language is English.
Training Topics:
o Samurai-WTF Project and Distribution
- About the Project
- Using the Live-DVD
- Joining the Project
o Web Application Assessment Methodology
- Pentest Types and Methods
- Formal Four Step Methodology
- Overview of Web Applications Security Vulnerabilities
o Mapping Tools
- Overview of Mapping
- Port Scanning and Fingerprinting (Labs: nmap, zenmap, Yokoso!)
- Web Service Scanning (Labs: Nikto)
- Spidering (Labs: wget, curl, Zed Attack Proxy, WebScarab, BurpSuite)
- Discovering "Non-Discoverable" URLs (Labs: DirBuster)
o Discovery Tools
- Using Built-in Tools (Labs: Page Info, Error Console, DOM Inspector, View Source)
- Poking and Prodding (Labs: Default User Agent, Cookie Editor, Tamper Data)
- Interception Proxies (Labs: Zed Attack Proxy, WebScarab, BurpSuite)
- Semi-Automated Discovery (Labs: Zed Attack Proxy, Rat Proxy)
- Automated Discovery (Labs: Zed Attack Proxy, w3af)
- Dictionary File Creation (Labs: CeWL)
- Fuzzing (Labs: Zed Attack Proxy, JBroFuzz, BurpIntruder)
- Finding XSS (Labs: TamperData, Zed Attack Proxy)
- Finding SQL Injection (Labs: Zed Attack Proxy, sqlmap)
- Decompiling Flash Objects (Labs: Flare)
o Exploitation Tools
- Username Harvesting (Labs: ZAP, FuzzDB)
- Brute Forcing Passwords (Labs: ZAP, FuzzDB)
- Command Injection (Labs: w3af)
- Exploiting SQL Injection (Labs: SQLMap, Laudanum)
- Exploiting XSS (Labs: BeEF)
- Advanced exploitation through tool integration (Labs: Zed Attack Proxy + sqlmap, BeEF + Metasploit)