excellence through education web app penetration … · with burp suite and owasp juice shop to...



Be Social With Us! www.IntellectualPoint.com (571) 577-7890 Or (703) 554-3827 • [email protected]

Description: This training uses hands-on exercises with Burp Suite and OWASP Juice Shop to teach web application penetration testing (WAPT) fundamentals. In logical modules, we will demonstrate how to use Burp Suite to manually and automatically identify and validate common web app security issues, with a focus on covering the OWASP Top 10 application security risks (2017 list). By the end of the training, attendees will be equipped to use standard methodologies, tools, and reporting concepts to start conducting their own WAPT assessments and bug bounty hunting on production web apps, and will have a high-level understanding of how to write more secure code.

Who: This training is ideal for anyone interested in learning how to conduct cybersecurity penetration tests on web applications using the industry-standard and highly popular tool, Burp Suite. Web developers who want to develop with security in mind will also benefit greatly from this training.

Why: Web applications pose a huge risk factor for organizations as they are often internet-facing or have the potential for abuse from threat actors who get past an organization’s perimeter. These applications often allow users of various roles to access company and client Personally Identifiable Information (PII), databases, and other sensitive data.

Penetration Tester Salary: $116,599 average annual salary according to Indeed.com for Penetration Tester in Washington, DC

EXCELLENCE THROUGH EDUCATION

Web App Penetration Testing with Burp Suite

Training objectives:

• Web app pen testing fundamentals

• Web app security fundamentals

• OWASP Top 10 (2017 list)

• OWASP Test Framework

• Burp Suite fundamentals

Target audience:

• Beginner-intermediate

• Some web dev or pen test background helpful but not required

• Red team and blue team are both welcome

• Red team will learn how to effectively pen test web apps

• Blue team will learn real-world hacker TTPs and how to detect web app attacks


OWASP Top 10 2017 (most current) - what we’ll be teaching:

• Injection (A1:2017)

• Broken Authentication (A2:2017)

• Sensitive Data Exposure (A3:2017)

• XML External Entities (XXE) (A4:2017)

• Broken Access Control (A5:2017)

• Security Misconfiguration (A6:2017)

• Cross-Site Scripting (XSS) (A7:2017)

• Insecure Deserialization (A8:2017)

• Using Components with Known Vulnerabilities (A9:2017)

• Insufficient Logging & Monitoring (A10:2017)

About the Instructor:

Ben brings a diverse background in cybersecurity, IT, law, and law enforcement to Polito. Ben leads Polito’s commercial cybersecurity services including web app / mobile app / network penetration testing and incident response for clients in the healthcare, banking, IT, critical infrastructure, and other industries. After earning his JD from William & Mary School of Law in 2010 and providing IT and e-discovery support to law firms, Ben joined Booz Allen Hamilton as a cyber security consultant in 2012. While a member of Advanced Persistent Threat (APT) hunt teams assigned to commercial and federal clients, Ben sharpened his network security monitoring, forensics, incident response, malware analysis, cyber threat intelligence, and security architecture skills. He has earned the CISSP, GIAC Certified Forensic Analyst (GCFA), GIAC Web Application Penetration Tester (GWAPT), and Splunk Certified Power User certifications. Ben is a member of the Maryland bar and volunteers at a pro bono legal clinic.