INFILTRATE TRAINING: Websploitation

[Dave Aitel <dave () immunityinc com>]

We renamed all of our training to be extra witty, but witty is the same
thing as confusing especially when combined with ICQ decodes in IPS
products that contain exploitable buffer overflows in them.

See what I did there? No? Ok, nevermind. According to Ben Nagy I am "not
funny".

Anyways,  I wanted to point out that the cleverly named "Websploitation"
class is really two classes. The first two days cover SQLi and XSS and
XXE and all the things you see a modern penetration tester use, all very
hands on, but things you've heard of. The third day is a "stretch day"
which covers web crypto. I love this day, because you can have people
who already are good penetration testers come in and then get their
minds blown about Padding Oracle attacks and various wacky crypto
tricks. It's fun. We've put a lot of work into building special purpose
web applications to visualize and teach the concepts here.

Anyways, join us for the class!

Thanks,
Dave Aitel
Immunity, Inc.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave