Early Bird (< 31st May): SGD2299
Mastering the Skills of Bug Bounty. Burp Suite is the most feature-rich while ZAP is Burp’s free alternative. Tamper data is a browser add-on that only allows the editing of HTTP headers.
- Mastering Burp Suite Pro – Dynamic course. Published by admin on September 28, 2020.
- Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
- Module 1: Preparing the arsenal / Burp Suite environments. In this module, we will start with setting up Burp Suite environments and play with various features of Burp Suite Professional and Burp Suite free edition to get around the working, spidering, SSL/TLS.
- Burp Suite Pro is the leading tool for auditing Web applications at large, but also a complex beast where new features get added every few weeks. Mastering Burp Suite Pro, including its newest features, allows testers to get the most out of the tool, optimizing time spent auditing and testing.
Normal (> 1st June): SGD2799
Seats Available: REGISTRATION CLOSED
Overview
Burp Suite Pro is the leading tool for auditing Web applications at large. Users are mainly penetration testers, QA people, or advanced developers. Mastering Burp Suite allows users to get the most out of the tool, optimizing time spent. Work will be faster, more effective and more efficient. What’s more, advanced techniques allow detection of additional vulnerabilities whether complex or subtle. Possible targets are classic web applications, of course, but also thin clients, mobile applications, internal networks or complex cloud deployments. Attendees will learn to measure the quality of their attacks, a crucial skill in real-life engagements. Finally, alternative strategies and techniques will be demonstrated, giving a wider view of available functionalities.
Who should attend
– Web application penetration testers
– QA people and advanced developers
Whatever your role, this training will provide beneficial automation skills whether novice or expert:
– Novice: a 30-minute pre-session warm-up will set you up for the core training
– Expert: been using Burp Suite for years? Never fear! Numerous optional challenges will develop your fu
The training is based on 40+ micro-challenges replicating real-life scenarios:
– Complex brute-force, data extraction, custom formats
– Thin clients, ACL, cryptography
– Anti-CSRF tokens, aggressive disconnection
– And more!
Hardware / Software Requirement
Laptop with Ethernet connectivity
OS supported by Burp Suite Pro (Mac, Windows or Linux)
Recent JVM (preferably the Oracle one)
Text editor with syntax highlighting
Modern browser (no IE6, no Epiphany)
What to expect
3 days of hands-on practice!
Copy of the 40+ challenges
Slidedeck (~350 pages)
A temporary Pro license (if needed)
Some Burp Suite goodies
What _NOT_ to expect
A Web penetration testing methodology: the goal is to master the toolbox
Agenda
Please note that depending on my daily experiences, your own interests, the features recently added to Burp Suite and the phases of the moon, the following plan may evolve.
Day 1
Introduction to Burp
GUI, tools, audit workflow, inline help
Proxy module
Scope, filters, sorting
Repeater module
Exploitation of the D-Link DIR-100 backdoor, efficiency tips
Intruder module
Covering every attack type and most payload types
Day 2
Advanced Proxy module
Live modifications, interception and manual analysis
Sequencer module
Token analysis
Advanced Intruder module
Reusing configuration options, non-default columns
Authentication and authorization module
Horizontal and vertical privilege escalation
Day 3
Macros and sessions module
Transparent management of anti-CSRF tokens and short sessions
Extensions module
Catalog of public extensions, developing your own …
Location: InterContinental
Date: August 22, 2016
Time: 9:00 am - 6:00 pm
Nicolas Gregoire
DURATION: 3 DAYS
CAPACITY: 20 pax
SEATS AVAILABLE: REGISTRATION CLOSED
EUR2599 (early bird)
EUR2999 (normal)
![Mastering Burp Suite Professional](/uploads/1/3/7/1/137179003/750863620.jpg)
Early bird registration rate ends on the 12th of January
Overview
Burp Suite Pro is the leading tool for auditing Web applications at large. Users are mainly penetration testers, QA people, or advanced developers. Mastering Burp Suite allows users to get the most out of the tool, optimizing time spent. Work will be faster, more effective and more efficient. What’s more, advanced techniques allow detection of additional vulnerabilities whether complex or subtle. Possible targets are classic web applications, of course, but also thin clients, mobile applications, internal networks or complex cloud deployments. Attendees will learn to measure the quality of their attacks, a crucial skill in real-life engagements. Finally, alternative strategies and techniques will be demonstrated, giving a wider view of available functionalities.
Who should attend
– Web application penetration testers
– QA people and advanced developers
Whatever your role, this training will provide beneficial automation skills whether novice or expert:
– Novice: some pre-session exercises will set you up for the core training
– Expert: been using Burp Suite for years? Never fear! Numerous optional challenges will develop your fu
The training is based on 40+ micro-challenges replicating real-life scenarios:
– Complex brute-force, data extraction, custom formats
– Thin clients, ACL, cryptography
– Anti-CSRF tokens, aggressive disconnection
– And more!
What students should bring
Laptop with Ethernet connectivity
OS supported by Burp Suite Pro (Mac, Windows or Linux)
Recent JVM (preferably the Oracle one)
Text editor with syntax highlighting
Modern browser (no IE6, no Epiphany)
What to expect
3 days of hands-on practice!
Copy of the 40+ challenges
Slidedeck (~350 pages)
A temporary Pro license (if needed)
Some Burp Suite goodies
What _NOT_ to expect
A Web penetration testing methodology: the goal is to master the toolbox
Agenda
Please note that depending on my daily experiences, your own interests, the features recently added to Burp Suite and the phases of the moon, the following plan may evolve.
Day 1
Introduction to Burp: GUI, tools, audit workflow, inline help, …
Proxy module: scope, filters, sorting, …
Repeater module: exploitation of the D-Link DIR-100 backdoor, efficiency tips, …
Intruder module: covering every attack type and most payload types
Day 2
Advanced Proxy module: live modifications, interception and manual analysis, …
Sequencer module: token analysis
Advanced Intruder module: reusing configuration options, non-default columns, …
Auth module: horizontal and vertical privilege escalation
Day 3
Macros and sessions module: transparent management of anti-CSRF tokens and short sessions
Extensions module: catalog of public extensions, developing your own, REST API, …
Recently added tools: Collaborator, ClickBandit, Infiltrator
Location: Training Rooms
Date: April 9, 2018
Time: 9:00 am - 6:00 pm
Nicolas Gregoire