June 28-29, 2017
Magnolia Hotel Denver
Denver, CO
 

Workshop

Tuesday, June 27, 2017

9:00 AM – 5:00 PM 8 CPEs

Web Application Security Testing with Kali Linux 
Mike Landeck, Director of Corporate Security/CISO
Brandon Archer, Information Security Architect, Adams County

Kali Linux is a powerful and popular tool for penetration testing and cybersecurity assessments. However, for a beginner it can be confusing and intimidating. This workshop is designed for the passionate beginner who wants a structured, plain-English environment to learn the basics of web application security testing using Kali. Attendees will leave with an understanding of the basics and with step-by-step documentation that lets them go back to their organizations, continue their learning, and do rudimentary assessments.

Attendees will:

  1. Learn to navigate Kali Linux and run the applications necessary to do a web application security assessment
  2. Learn how to run an open source web vulnerability scanner
  3. Leave with a step-by-step test plan allowing them to conduct their own web application security assessments
  4. Receive templates and cheat sheets for documenting their findings
  5. Learn light web hacking skills to assist in their assessments

Agenda:

Part 1: Set-up

  • Orientation to the tools and target site

Part 2: Recon and Intel

  • Identifying sub-domains
  • Checking for Firewalls
  • Fingerprinting the server and services

Part 3: Web Scanning

  • Spider a web site
  • Run an open source web vulnerability scanner
  • Audit and interpret the results

Part 4: Manual Inspection

  • Follow a comprehensive test plan to identify and document common web vulnerabilities

Part 5: Beginning Web Pen Testing

  • Exploit the SQL injection found by the scanner to dump credit card numbers from a database
  • Exploit the file upload vulnerability found by the scanner to run the code on the server
  • Exploit the Cross-Site Scripting vulnerability found by the scanner to redirect users

The class will follow a “See it, read it, do it” model: each exercise is demonstrated live by the instructor, and the students will have a step-by-step guide to use as they complete the exercise. In addition to the instructor, an assistant instructor will help those who are falling behind.

Prerequisites:

Students must bring their own laptop. Prior to the workshop each student will be required to download the necessary software and confirm it runs on their laptop. A list of software and system requirements will be provided in advance.

When students leave they will take the test site and documentation with them, allowing them to begin assessments at their organizations.



Gold Sponsor: Darktrace