Assessing And Exploiting Web Applications With Samurai-Wtf presented at OWASP Appsec 2010

by Mike Poor (InGuardians), Justin Searle (InGuardians),

Tags: Workshops

URL : http://www.owasp.org/index.php/Assessing_and_Exploiting_Web_Applications_with_Samurai-WTF

Summary : Course Length: 2 Days

Come take the official Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn how to use the latest Samurai-WTF open source tools and the be shown the latest techniques to perform web application assessments. After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of two different web applications, including client side attacks on the browsers connecting to those sites. Different sets of open source tools will be used on each web application, allow you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a third web application. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.

Mike Poor: Mike Poor Mike Poor is a founder and Senior Security Analyst with InGuardians. Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits and architecture reviews. His primary job focus however is in intrusion detection, response, and mitigation. Mike is an author and editor of the international best seller “Snort 2.1” book from Syngress, and is a Handler for the Internet Storm Center. Mike teaches Intrusion Detection for the SANS Institute and has supported Intrusion Detection and Incident Response teams for the military, and has worked for Sourcefire as a research engineer, and for the SANS Institute leading their Intrusion Analysis Team.]]

Justin Searle: Justin Searle, a Senior Security Analyst with InGuardians, specializes in penetration testing and security architecture. Justin currently leads the Smart Grid Architecture group of the Cybersecurity Coordination Task Group (CSCTG) for the National Institute of Standards and Technologies (NIST) and serves as a member of the Architecture Board for the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG) group. Previously, Justin served as JetBlue Airway’s IT Security Architect and has provided top-tier support for the largest supercomputers in the world. Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities and corporations. Justin has presented at top security conferences including DEFCON, ToorCon, ShmooCon, and SANS. In his rapidly dwindling spare time, Justin co-leads prominent open source projects including The Middler, Samurai Web Testing Framework, and the social networking pentest tools: Yokoso! and Laudnum. Justin has an MBA in International Technology and is CISSP and SANS GIAC-certified in incident handling and hacker techniques (GCIH) and intrusion analysis (GCIA).