Bwapp Training

  • 7/22/2019 Bwapp Training

    2013 MME BVBA, all rights reserved.

    | IT Audits & Security

    Attacking & Defending

    Web Apps with bWAPP

    MME

    bWAPP training

    2-day comprehensive web security course

    Focus on attack and defense techniques

    Performed on the famous bWAPP platform

    bWAPP, or a buggy web application

    Deliberately insecure

    Built to better secure web apps

    Includes all OWASP Top 10 vulns

    http://www.itsecgames.com/
    You will learn how to:

    Detect vulnerabilities

    Exploit vulnerabilities

    Audit web applications

    Secure web and database servers

    Course Content

    Introduction to Web Apps

    Penetration Testing

    Reconnaissance

    Vulnerabilities & Exploitation

    Web Vulnerability Detection

    Writing Secure Code

    Web & Database Server Hardening

    Introduction to Web Apps

    bWAPP and bee-box

    HTTP/HTTPS Basics

    Building Web Applications (HTML, JavaScript, PHP, ASP,...)

    Web 2.0

    Cross-Origin Resource Sharing

    Database Technologies

    Hacktivism and Web Attacks

    Penetration Testing

    Web Application Penetration Testing

    Black-Box and White-Box Testing

    Penetration Testing Distributions

    Introduction to Kali Linux (formerly BackTrack)

    Testing Methodologies

    Open Web Application Security Project (OWASP)

    Writing Reports

    Reconnaissance

    Browser Add-ons

    Crawling and Bruteforcing

    Web Server Scanners

    Intermediate Proxies

    Information Disclosures

    Course Content

    Introduction to Web Apps

    Penetration Testing

    Reconnaissance

    Vulnerabilities & Exploitation

    Advanced Vulnerability Detection

    Writing Secure Code

    Web & Database Server Hardening

    Vulnerabilities & Exploitation

    Injections (HTML, Cmd, SQL, Blind SQL, JSON, XML/XPath,...)

    Cross-Site Scripting (XSS)

    Cross-Site Request Forgery (CSRF)

    Session & Authentication Issues

    Client Side Attacks

    Denial-of-Service (DoS)

    Local Privilege Escalations

    HTTP Parameter Pollution and Response Splitting

    File Inclusions (LFI/RFI)

    Malicious File Uploads (~ webshells)

    Cross-Domain Attacks

    ClickJacking & HTML5 Web Storage Issues

    Parameter Tampering

    Cryptographic Attacks

    Web Vulnerability Detection

    Intermediate Proxies

    Open Source Assessment Tools

    Commercial Vulnerability Scanners

    Source Code Analysis Tools

    Writing Secure Code

    Input Validations

    Stored Procedures

    Prepared Statements

    Additional Defenses

    OWASP Developer Guide

    Web & Database Server Hardening

    Apache and IIS Security

    MySQL and MS SQL Security

    High Availability Techniques

    Intrusion Detection and Prevention

    Web Application Firewalls (WAFs)

    Audience

    System engineers, web programmers, geeks and all other InfoSec enthusiasts are welcome!

    This is a hardcore InfoSec training

    After attending the course you will be able to

    Detect vulnerabilities in web apps

    Audit, pentest (and hack) web apps

    Protect web apps from modern attacks

    Harden web servers and databases

    Optimize source code

    My revenge will

    be sweet...

    When & Where

    This course is on demand, at your location

    2-day training

    Schedule

    09:00 - 13:00 : training part 1

    13:00 - 14:00 : break

    14:00 - 17:00 : training part 2

    Prices

    1110 EUR/student

    Special prices for groups

    Included

    Course materials

    Software

    Certificate

    Requirements

    Laptop with at least 2GB RAM and 20GB free disk space

    VMware Player, Workstation or Fusion

    Programming knowledge not required

    Interest in InfoSec

    Subscriptions possible from here

    Trainer: Malik Mesellem

    Email | [email protected]

    LinkedIn | be.linkedin.com/in/malikmesellem

    Twitter | twitter.com/MME_IT

    Blog | itsecgames.blogspot.com
