AppSecUSA 2015 has ended
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
 
Tuesday, September 22 • 1:30pm - 3:00pm
Training (2 days): Hands-on Auditing of the OWASP Application Security Verification Standard

Note: This is a two-day course from Tues 2015-09-22 - Wed 2015-09-23

The OWASP Application Security Verification Standard (ASVS) provides great guidelines which help us develop secure applications. However, nobody is perfect. How do we audit to ensure we are following these standards consistently? This hands-on training provides examples of how to audit our web-based applications for adherence to the OWASP ASVS using the Burp Suite interception proxy and a few other free tools. Learn how to use Burp Suite and how to ensure applications comply with written standards.

All testing will be against targets included in the Samurai WTF distribution, which allows students to follow along with the demonstrations and participate in the hands-on labs. Hands-on labs include auditing horizontal and vertical brute-force controls, XSS and BeEF, CSRF by example, exploiting insecure direct object references, and many more.

Who Should Take This Course?
This course is designed for application security professionals, security auditors, quality assurance engineers, and software developers.

What Should Students Bring?
Samurai WTF

Speakers
David Hazar

Product Development Security Lead, Oracle Service Cloud
I am all about application security and the need to better secure our applications by not only identifying issues, but training developers to understand these issues and write more secure code. QA engineers also need to understand these issues so they can write meaningful test cases...


Tuesday September 22, 2015 1:30pm - 3:00pm PDT
Pacific I