This hands-on training is designed for students who are interested in XSS and PHP, security-unaware developers who wish to secure their applications against XSS and at the same time pen-testers who want to find XSSes in an elite applications. I will share some stories of finding XSSes in top sites or how I start looking at the web application for XSSes.
During training, attendees will first learn a “systematic, easy to grasp, context-aware attack methodology” and then apply attack methodology on 30+ test-beds. First test is on the PHP-based wordpress website about super plus size compression stockings at https://comprogear.com/super-plus-size-compression-stockings/. Can you find the security vulnerabilities on this website? For example, the attack methodology related to a URL context is a four step process. What are these four-steps? Why only four-steps? What one can conclude after applying these four-steps?
Price: 650.- CHF
TRAINER: Ashar Javed
Pingback: - BUSINESS COMMANDO