Monday 26 August 2013

SANS 542 - Web Application Penetration Testing: Day 1

SANS 542.1
The Attacker's View of the Web




Location: Bangkok's Crowne Plaza Hotel

Topics covered during Day 1:

> Setting up Samurai WTF
> Web Site Server Architecture
> Understanding the HTTP protocol
> Pentesting Types and Methods
> Components of Web App pentest
> Reports of findings
> Attack Methodology
> Types of Flaws
> JavaScript

While I already had the knowledge for many of the Day 1 lessons covered, there were also many things that I learnt, such as analyzing HTTP using Wireshark and Paros Proxy. I also learnt how to decrypt HTTPS communication using Wireshark. Basic JavaScript attacks such as XSS were introduced and will be covered more on the other days, and I'm so looking forward to that! The trainer was from Belgium and he had a great command of the English language that could easily be understood. Can't wait for Day 2.

2 comments:

  1. It is a great course! If you are doing the GWAPT Certification I recommend this article on how to make a good index. "SANS Index How To Guide with Pictures" http://digitalforensicstips.com/2012/11/sans-index-how-to-guide-with-pictures/

    1. Hi Paul,

      Thank you for the comment and link! I just finished the course yesterday and it was really good, and I enjoyed my 6 days of training there. And the best part was, our team won the CTF on the last day! :)
