All rights reserved. 2018
ALEXEY KUZNETSOV
Web application security is one of the fundamental skills for the modern practical information security specialist. The course covers a wide range of topics, from web application vulnerabilities to secure development standards and methodologies. It teaches students to employ a methodological and practical approach to web application penetration testing.
WEB APPLICATION SECURITY
Students will learn:
- web technology concepts (protocols, network, etc.)
- web application evolution
- web application development concepts
- web application architecture
- web application threat model
- server-side web application vulnerabilities and defense
- client-side web application vulnerabilities and defense
- secure development lifecycle
DATE: 9 Mar - 27 Mar, 2020
DURATION: 3 Weeks
LECTURES: 3 Hours per day
LANGUAGE: English
LOCATION: Barcelona, Harbour.Space Campus
COURSE TYPE: Offline
WHAT YOU WILL LEARN
COURSE OUTLINE
Session 1
Introduction. Web application technology and evolution
Session 2
Information gathering. Fingerprinting and enumeration
Session 3
Server-side vulnerabilities. SQL Injections
Session 4
Server-side vulnerabilities. XXE and Command and Code Injections
Session 5
Server-side vulnerabilities. Server-side template injections, PHP and Java Deserialization
Session 6
Server-side vulnerabilities. Server-side request forgery, Business logic flaws
Alexey has more than 6 years of work experience in projects related to Cybersecurity. Currently he is the Head of the Penetration Testing team at BiZone, a subsidiary of Sberbank (the largest Russian bank). His responsibilities involve planning, conducting and reporting penetration testing, as well as security assessment. During his career he designed and developed a wide range of software security systems and conducted some research in the area of hardware virtualisation. He is also experienced in mobile application security analysis and web application security auditing. Furthermore, he is interested in IoT information security (connected cars, smart houses, smart city systems) and won a couple of competitions in this area.
Alexey actively participates in CTF competitions. He is also one of the organisers of the CTF.Zone contest.
SKILLS:
- Penetration Testing
- Information Security
- Cyber Security
- Programming
- Vulnerability Assessment
- Operating Systems
- Cryptography
- Reverse Engineering
- Open Source Intelligence
ABOUT ALEXEY
MACHINE LEARNING
DATE: 9 Mar – 27 Mar, 2020
DURATION: 3 Weeks
LECTURES: 3 Hours per day
LANGUAGE: English
LOCATION: Barcelona, Harbour.Space Campus
COURSE TYPE: Offline
VLADISLAV LAZAREV
Vladislav has more than six years of experience in both defensive and offensive information security, with a solid background in information security-related software development. He took part in more than 50 penetration testing, red team and vulnerability assessment projects as a penetration tester and a team lead. Vladislav graduated from the National Research Nuclear University MEPhI (Moscow Engineering and Physics Institute) with a degree in information security. Currently he is a Head of Penetration Testing at BiZone.
ABOUT VLADISLAV
HARBOUR.SPACE
Harbour.Space is a university created by entrepreneurs for entrepreneurs. We focus on meeting the demands of the future, while traditional education providers are too often stuck in the past.
We’re one of the only European institutions completely dedicated to technology, design and entrepreneurship, and our interdisciplinary courses are taught by some of today’s leading professionals. Our aim is not only to equip students with the knowledge to take on the real world, but to nurture, create and shape tomorrow’s tech superstars.
HARBOUR.SPACE UNIVERSITY
BIBLIOGRAPHY
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws by Dafydd S & Marcus Pinto (Wiley, 2011)
The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski (No Starch Press, 2011)