SEC642: Advanced Web App Penetration Testing and Ethical Hacking

A session at SANS London 2012

  • Justin Searle

This course is designed to teach you the advanced skills and techniques required to test web applications today. This advanced pen testing course uses a combination of lecture, real-world experiences, and hands-on exercises to educate you in the techniques used to test the security of enterprise applications. The final day of the course culminates in a Capture the Flag (CtF) event, which tests the knowledge you will have acquired over the previous five days.

We will begin by exploring specific techniques and attacks to which applications are vulnerable. These techniques and attacks use advanced ideas and skills to exploit the system through various controls and protections. This learning will be accomplished through lectures and exercises using real-world applications.

We will then explore encryption as it relates to web applications. You will learn how encryption works as well as techniques to identify the type of encryption in use within the application. Additionally, you will learn methods for exploiting or abusing this encryption, again through lecture and labs.

The next day of class will focus on how to identify web application firewalls, filtering, and other protection techniques. You will then learn methods to bypass these controls in order to exploit the system. You'll also gain skills in exploiting the control itself to further the evaluation of the security within the application.


SANS London 2012

England, London

26th November to 3rd December 2012



Date: Mon 26th November 2012
