Hands on Web Application Testing: Assessing Web Apps the OWASP Way

2 Day Training: Tuesday (10/23) and Wednesday (10/24)

The goal of the training session is to teach students how to identify, test, and exploit web application vulnerabilities. The creator and project lead of the OWASP Live CD, now renamed OWASP WTE, will be the instructor for this course, and WTE will be a major component of the class.

Through lecture, demonstrations, and hands-on labs, the session will cover the critical areas of web application security testing using the OWASP Testing Guide v3 as the framework and a custom version of OWASP WTE as the platform. Students will be introduced to a number of open source web security testing tools and provided with hands-on labs to sharpen their skills and reinforce what they’ve learned.

Students will also receive a complimentary DVD containing the custom WTE training lab, a copy of the OWASP Testing Guide, handouts and cheat-sheets to use while testing, plus several additional OWASP references. Demonstrations and labs will cover both common and esoteric web vulnerabilities and include topics such as Cross-Site Scripting (XSS), SQL injection, CSRF and Ajax vulnerabilities. Students are encouraged to continue to use and share the custom WTE lab after the class to further hone their testing skills.


Matt Tesauro

After 12 years in application development and pen testing, Matt Tesauro is still loving making applications misbehave in fun and interesting ways. He is currently working for Rackspace for the Cloud Products group assessing the security of the software that powers Rackspace’s Open Cloud. Prior to Rackspace, Matt has been a developer, DBA, Linux SysAdmin, Pen Tester, application security consultant and application security trainer. Since 2008, he has been the project lead for the OWASP WTE (Web Testing Environment), a complete pre-configured application testing environment, and was elected to the board of the OWASP International Foundation in 2009.