7/22/2019 Bwapp Training
2013 MME BVBA, all rights reserved.
MME | IT Audits & Security
Attacking & Defending Web Apps with bWAPP
bWAPP training
2-day comprehensive web security course
Focus on attack and defense techniques
Performed on the famous bWAPP platform
bWAPP, or a buggy web application
Deliberately insecure
Built to better secure web apps
Includes all OWASP Top 10 vulns
http://www.itsecgames.com/
You will learn how to:
Detect vulnerabilities
Exploit vulnerabilities
Audit web applications
Secure web and database servers
Course Content
Introduction to Web Apps
Penetration Testing
Reconnaissance
Vulnerabilities & Exploitation
Web Vulnerability Detection
Writing Secure Code
Web & Database Server Hardening
Introduction to Web Apps
bWAPP and bee-box
HTTP/HTTPS Basics
Building Web Applications (HTML, JavaScript, PHP, ASP,...)
Web 2.0
Cross-Origin Resource Sharing
Database Technologies
Hacktivism and Web Attacks
Penetration Testing
Web Application Penetration Testing
Black-Box and White-Box Testing
Penetration Testing Distributions
Introduction to Kali Linux (formerly BackTrack)
Testing Methodologies
Open Web Application Security Project (OWASP)
Writing Reports
Reconnaissance
Browser Add-ons
Crawling and Bruteforcing
Web Server Scanners
Intermediate Proxies
Information Disclosures
Vulnerabilities & Exploitation
Injections (HTML, Cmd, SQL, Blind SQL, JSON, XML/XPath,...)
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Session & Authentication Issues
Client Side Attacks
Denial-of-Service (DoS)
Local Privilege Escalations
HTTP Parameter Pollution and Response Splitting
File Inclusions (LFI/RFI)
Malicious File Uploads (~ webshells)
Cross-Domain Attacks
ClickJacking & HTML5 Web Storage Issues
Parameter Tampering
Cryptographic Attacks
Web Vulnerability Detection
Intermediate Proxies
Open Source Assessment Tools
Commercial Vulnerability Scanners
Source Code Analysis Tools
Writing Secure Code
Input Validations
Stored Procedures
Prepared Statements
Additional Defenses
OWASP Developer Guide
Web & Database Server Hardening
Apache and IIS Security
MySQL and MS SQL Security
High Availability Techniques
Intrusion Detection and Prevention
Web Application Firewalls (WAFs)
Audience
System engineers, web programmers, geeks and all other
InfoSec enthusiasts are welcome!
This is a hardcore InfoSec training
After attending the course you will be able to
Detect vulnerabilities in web apps
Audit, pentest (and hack) web apps
Protect web apps from modern attacks
Harden web servers and databases
Optimize source code
When & Where
This course is on demand, at your location
2-day training
Schedule
09:00 - 13:00 : training part 1
13:00 - 14:00 : break
14:00 - 17:00 : training part 2
Prices
1110 EUR/student
Special prices for groups
Included
Course materials
Software
Certificate
Requirements
Laptop with at least 2GB RAM and 20GB free disk space
VMware Player, Workstation or Fusion
Programming knowledge not required
Interest in InfoSec
Subscriptions possible from here
Trainer: Malik Mesellem
Email | [email protected]
LinkedIn | be.linkedin.com/in/malikmesellem
Twitter | twitter.com/MME_IT
Blog | itsecgames.blogspot.com