$393.00

In Stock

After taking a year off from SANS London (a trip to Colombia was too much to resist last year), I flew back over to sunny London (ha) to attend the new SEC642: Advanced Web App Penetration Testing class with Justin Searle. As I’ve had a few people ask about the class I thought I’d write-up some thoughts as I go through the class… Hope they come in handy for people interested in the class content!

PURCHASE THIS COURSE, YOU ACCUMLATE: 393 POINTs!


OR

Category:

Description

Buy SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015 Course at esyGB. You will have immediate access to the digital downloads in your account or your order email.

After taking a year off from SANS London (a trip to Colombia was too much to resist last year), I flew back over to sunny London (ha) to attend the new SEC642: Advanced Web App Penetration Testing class with Justin Searle. As I’ve had a few people ask about the class I thought I’d write-up some thoughts as I go through the class… Hope they come in handy for people interested in the class content!

Day 1

Day 1 kicked off with a quick refresher on the testing methodology to ease people into things. SEC642 is strongly focused on the discovery and exploitation of vulnerabilities, but the importance of recon and mapping was emphasised during the process, as well as the process used to work through an application from initial recon through to the exploitation phase. One key point raised, and one that most people ignore, was the requirement to finish discovery of flaws (or potential flaws) in an application, BEFORE starting to exploit them. Although the exploitation phase is where we all have the most fun, it’s important for our clients to ensure we have as much coverage of the application as possible.

Jumping straight in, we discussed the more abstract and oft mis-used or unknown features of Burp Suite. It’s amazing the features that you never notice or use simply because you didn’t know they were there. Things like the Burp web interface (http://burp) and the ability to output log files (yes, even in the free version). We also touched on Burp scripting, although briefly. I’d loved to have dived into some more detailed scripting, but I get the feeling this process will be changing slightly with the 1.5 pro release, so maybe it’s better to wait anyhow 

With everybody on the same page with Burp, we moved into LFI (Local File Inclusion) and RFI (Remote File Inclusion). Alongside the simple examples there were some advanced methods exploiting LFI issues on various target platforms. Particularly interesting was the PHPINFO trick for using LFI to gain remote code execution on a system, as well as some interesting php://filter tricks to read the content of PHP files without them executing. It was good to have a test lab to try out the intricacies of these tricks and get the chance to get them running well and truly understand the ins and outs of the techniques.

To finish of day 1 we talked SQL Injection, with a short refresher in the basics before jumping into more advanced exploitation (including timing based and heuristic and binary search trees). We finished up day 1 with a couple of  SQLi labs to try out some of the more common SQL Injection tools (Havij, SQLmap)…

Day 2

Moving into the second day we shifted focus to “discovery and exploitation for specific applications”. We kicked things off with coverage of DOM based XSS, which is something that is often discussed, but seldom tested. Although the theory is simple enough, detection (and in particular automated testing tools) to discover DOM based XSS is not always an easy task. No discussion of XSS would be complete without looking at how it can be leveraged to attack clients, and as expected a number of possible payloads were discussed. It’s nice to see some examples of keylogging and geolocation payloads present, but the addition of scriptless attacks was particularly interesting. It was one of those “Oh yeah, that’s obvious… why didn’t I think about that sooner” moments. Sometimes you just can’t inject JavaScript, so having a few useful non-JavaScript attack payloads will certainly come in handy for those tricky apps.

Moving on from XSS, the class discussed more advanced XSRF attacks focusing more on the use of AJAX to perform attacks that are invisible to users. After some bad JavaScript coding (I’m no coder) we discussed CSRF protections and methods to bypass them by combining XSRF and XSS vulnerabilities within an application. The discussion of XSRF culminated in the creation of a simple self replicating XSRF attack (ala sammy).

To finish off the day we focused on application specific attacks against Sharepoint and WordPress systems. Personally I’d rather have spent the time discussing more in-depth workings of Sharepoint (or other enterprise grade systems such as Lotus Domino, SAP, etc…) than WordPress. Then again, you can’t please everybody all the time, and it was good to see @ethicalhack3r‘s wpscan mentioned in the WordPress section.

Overall day 2 was a little slow for my liking. Although it was nice to get some refresher on some points, it would have been cool to play with more varied XSS payload tricks, and maybe even look at some non-JavaScript injection (VBscript,…) and XSS via CSS, Flash files etc… Maybe SEC742 

Day 3

Of all the content, the crypto day was the one I was looking forward to most out of the class. Crypto is often something people skim over on a penetration test, so it’s nice to get some practical exercises in more advanced crypto based attacks.

The day started off with a quick grounding in common ciphers and hash algorithms, and moved on to methods for identifying encryption within web applications. The meat of the day was spent discussing attacks against CBC and ECB encryption modes (including bit flipping, CBC chosen plaintext, padding oracles and ECB shuffling attacks). With a good mix of theory and practical examples/exercises the class really helped to give a good understanding of how things work in the background, and how the can be exploited to attack or extract data from a web application.

Day 3 was a theory heavy day, and certainly a departure from days 1 and 2… I would have liked to have spent more time looking at crypto flaws, but there’s more gold in them their web applications than crypto alone!

Get SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015 – Anonymous,Only Price $397

Day 4

No advanced class would be complete without talking about bypassing web application firewalls and filters. Day 4 covered some of the more common ways to detect and enumerate WAF’s and other protections, and how to work around some of the protections they offer. Some interesting techniques such as DATAURI and CDATA blocks were touched on, as well as the more common comment and onerror/onload style bypass techniques. We also covered some groundwork on HTML5 and it’s use in injection and bypassing common filters. The day finished up with a quick look at sqlmap tamper scripts and the little used evasion techniques built into sqlmap itself.

I felt that day 4 was a little basic for an advanced class. With so many options for evading detection or active filtering, I think the coverage was a little light.

Day 5

Day 5 stepped away from the world of Web Applications for a while to venture into mobile security. Although it seems at first blush to be a bit of a strange thing to include in a web app class, a lot of mobile application testing crosses over into the web app realm. Things like SOAP and REST are common to mobile applications and web application testing, providing the perfect chance to cover some mobile security alongside the standard web application testing.

Some of the background information on mobile platforms was a little too detailed for my liking (interesting, but not really relevant to web application testing), the exercises proved interesting and allowed people to play with capturing web traffic from mobile emulators.

Day 6

As with a lot of the SANS penetration testing classes, the final day of the class was a capture the flag style challenge to enforce some of the topics covered in the class. A majority of the keys were pretty simple to find, and I won’t spoil it for you by giving you too much info. I’d have like to have seen some more of the crypto content in the CTF, but I guess in a small timeframe you can’t do everything!

Overall the CTF was a fun experience… and as usual, I did terribly! Somehow I just can’t get into CTFs

Conclusion

The SEC 642 is a very young course, and isn’t without its flaws and issues. Saying that, the foundation is there for a good followup to the SEC542 class. With a few tweaks and changes (that I’m sure are already in the works) the SEC642 class should provide a good addition to the SANS penetration testing range of classes. If you’re doing penetration testing and found the SEC542 class a little too light for you, then SEC642 is definitely something you should look at in the future.

I would have liked to have seen even a passing mention to Metasploit as it pertains to Web Application testing, perhaps even replacing some of the less advanced sections with a few useful examples and labs. Still, you can’t have your cake AND eat it… and most people don’t see Metasploit as a useful tool in their web application testing arsenal (mores the pity!).

Some days may spend a little too long reviewing basic principles (sometimes for good reason), as well as a little too much focus on defense sometimes (defense is good, but this IS an exploitation course). You can’t please everyone though, and I think the class strikes a reasonable balance.

Get SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015 – Anonymous,Only Price $397


Tag: SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015 Review. SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015 download. SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015 discount.

Buy the SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015 course at the best price at esy[GB]. Upon completing your purchase, you will gain immediate access to the downloads page. Here, you can download all associated files from your order. Additionally, we will send a download notification email to your provided email address.

Unlock your full potential with SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015 courses. Our meticulously designed courses are intended to help you excel in your chosen field.

Why wait? Take the first step towards greatness by acquiring our SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015 courses today. We offer a seamless and secure purchasing experience, ensuring your peace of mind. Rest assured that your financial information is safeguarded through our trusted payment gateways, Stripe and PayPal.

Stripe, known for its robust security measures, provides a safe and reliable payment process. Your sensitive data remains confidential throughout the transaction thanks to its encrypted technology. Your purchase is fully protected.

PayPal, a globally recognized payment platform, adds an extra layer of security. With its buyer protection program, you can make your purchase with confidence. PayPal ensures that your financial details are safeguarded, allowing you to focus on your learning journey.

Is it secure? to Use of?
How can this course be delivered?
  • After your successful payment this “SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015 course”, Most of the products will come to you immediately. But for some products were posted for offer. Please wait for our response, it might take a few hours due to the time zone difference.
  • If this occurs, please be patient. Our technical department will process the link shortly after, and you will receive notifications directly via email. We appreciate your patience.
What Shipping Methods Are Available?
How Do I Track Order?
  • We promptly update the status of your order after your payment is completed. If, after 7 days, there is no download link, the system will automatically process a refund.
  • We value your feedback and are eager to hear from you. Please do not hesitate to reach out via email us with any comments, questions and suggestions.

Reviews

There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

Shop
Sidebar
0 Cart
SANS SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015
$393.00 Add to cart