Courses with hands-on labs and real examples

Courses with lab exercises where students have the chance to test the most commonly occurring vulnerabilities, taking their skills to the next level!
Our trainings are for Developers, (Penetration) Testers, Hackers, Security Researchers and Humans!

This training provides a theoretical and practical understanding of the riskiest vulnerabilities and their combinations, and of how to detect and exploit them using the famous Burp Suite hacking tool. It contains numerous real-life examples, with CVEs and bounties, to help attendees understand the true impact of these vulnerabilities.

You will learn how to use the typical functions as well as the lesser-known ones hidden among the tabs of Burp Suite.
Develop your first extension in Python, Ruby or Java and take advantage of the API.

Understand Burp Suite.
Real scenarios and environments with vulnerabilities.
Identify vulnerabilities using the internal tools.
Use typical functions and those less known.

Day 1:
Basic concepts
URL and URI structure
Security Headers
Protocols and authentication
Introduction to Burp Suite
Burp Suite UI
What are those tabs?
Project & User Options

Day 2:
Mobile Apps
The First Extension
Engagement Tools
Vulnerability Lab
OWASP Web Security Top 10
OWASP API Security Top 10
Challenge, CTF!

Who should take this class?
System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

This class familiarises attendees with a wealth of tools and techniques needed to breach the security of web applications. The class starts from the very basics and gradually builds up to a level where attendees can not only use the tools and techniques to hack the various components involved in web application hacking, but also walk away with a solid understanding of the concepts on which these tools are based. The class also covers industry standards such as OWASP Top 10 and PCI DSS, and contains numerous real-life examples to help attendees understand the true impact of these vulnerabilities.

Introduction to Web Application hacking.
Practical in focus, teaching how web application security flaws are discovered.
Covers leading industry standards and approaches.
Builds the foundation to progress your knowledge and move into more advanced Web Application topics.

Day 1: Information Gathering, Profiling and Cross-Site Scripting
Understanding HTTP Protocol
Identifying the Attack Surface
Username Enumeration
Information Disclosure
Issues with SSL/TLS
Cross-Site Scripting
Cross-Site Request Forgery

Day 2: Injection, Flaws, Files and Hacks
SQL Injection
XXE Attacks
OS Code Injection
Local/Remote File Include
Cryptographic Weakness
Business Logic Flaws
Insecure File Uploads

Who should take this class?
System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

A highly practical class that targets web developers, pentesters, and anyone else wanting to write secure code or audit code for security flaws. The class covers a variety of security best practices and defense-in-depth approaches that developers should be aware of while developing applications. The class also covers some quick techniques that developers can use to identify various security issues throughout the code review process.

Students can access our online lab, which is purposely riddled with multiple vulnerabilities. Students will receive demonstrations and hands-on practice of the vulnerabilities to better understand and grasp the issues, followed by various techniques and recommendations on how to go about fixing them. While the class covers industry standards such as OWASP Top 10 and SANS Top 25 security issues, it also covers real-world issues like various Business Logic and Authorization flaws.

Covers the latest industry standards such as OWASP Top 10, with practical demonstrations of vulnerabilities complemented by hands-on lab practice.
Insight into the latest security vulnerabilities (such as Host Header Injection, XML Entity Injection, Web Services and API Security).
Thorough guidance on security best practices (introduction to various security frameworks, tools and techniques for secure development).
Real-world analogies for each vulnerability (understand and appreciate why Facebook would pay $33,000 for an XML Entity Injection vulnerability).
Online Lab available for practicing during and after the course (2 Days).
Internet distribution of all course materials.

Day 1:
Application Security Basics
Understanding the HTTP protocol
Security Misconfigurations
Authentication Flaws
Authorization Bypass
Cross Site Scripting (XSS)

Day 2:
Cross Site Request Forgery (CSRF)
SQL Injection
XML External Entity (XXE) Attacks
Insecure File Uploads
Client Side Security
Source Code Review
Threat Modelling

Who should take this class?
This training is ideal for: Software/Web developers, PL/SQL developers, Penetration Testers, Security Auditors, Administrators, DBAs and Security Managers.

Trainings are held in-company or publicly, depending on the number of candidates. Get in touch.

Companies that have placed their trust in us

g&l group