This training will teach students how to conduct website assessments using free and open source OWASP tools. Students will learn how to conduct web penetration tests using known methodologies such as the OWASP Testing Guide, PTES and NIST SP 800-115.
Using these methodologies, tools such as OWASP’s OWTF, ASVS and OWASP ZAP will be introduced in order to demonstrate the lifecycle of web hacking. These tools give you the opportunity to perform and automate stages of penetration testing, from reconnaissance and vulnerability analysis to dynamic application testing and remediation steps for the vulnerabilities found.
Who Should Take This Course?
This course is designed to help web developers and security professionals understand how to pentest and secure web applications. Candidates are expected to have basic knowledge of web technologies, but no experience in security is required prior to taking this course. However, security professionals who want to learn more about web security methodologies will benefit from this class.
What Should Students Bring?
Participants are required to bring a laptop (Windows, Mac or Linux) with at least 3 GB of RAM, 20 GB of free disk space, and either VMware Player (free), VMware Workstation, VMware Fusion or Oracle VirtualBox pre-installed with Kali Linux (no version preference). If you want to get a head start, feel free to download and install OWASP ZAP and OWASP OWTF on the Kali Linux virtual machine.