Dr.-Ing. Mario Heiderich, Cure53, Germany
17th to 19th March, 2020 | Bengaluru, India
Dr.-Ing. Mario Heiderich, handsome heartbreaker, bon vivant and (as he loves to call himself) “security researcher”, is from Berlin, likes everything between lesser- and greater-than and leads a small yet exquisite pen-test company. He commonly pesters peaceful attendees at various capitalist conferences with PowerPoint slides and profanities. Wherever Mario goes, bad weather and thunderstorms follow him. Doctors worldwide are clueless about this extraordinary condition of his.
"Exploit the seemingly unexploitable"
SecureLayer7 is coming up with a training program in Bengaluru, India, specially crafted for IT professionals to secure their applications. This program is designed for developers, defenders, and security consultants to equip them with all the latest advancements in Web Application Security Testing.
KEY TAKE-AWAYS OF TRAINING
The training session will give you an opportunity to gain hands-on experience with countless tricks and techniques for exploiting the (seemingly) unexploitable! We will cover a great range of modern website bugs and teach you how to make sure that these issues get fixed properly and smoothly.
Security consultants will get hands-on experience with the latest techniques and methodologies to exploit any web-application with unknown legacy features or the half-baked results coming to your browser.
Developers will gain knowledge and understanding of the concepts, standards and precautionary measures for developing a highly secure web application.
Top management will be able to understand the risks to business continuity posed by a vulnerable application in order to take well-informed decisions.
Tracks at a Glance
"Why are we here today? Let's learn why client-side security is in a close relation with web security challenges for many and a blessing for few - and what the foundation of this claim might be."
The Very Basics
"Time to learn about the absolute basics of web security and the web itself and see how even they contribute to the complexity and diversity of this topic. Learn about client- and server-side security."
"Let's now have a look at attack techniques that are useful but didn't really fit into any of the chapters we covered before. Stuff that few people know, things that will help you pop an alert where others fail."
"We will now have a look at the basic defense techniques – and see which attacks will be covered by them and why it sometimes works and sometimes won't. Let's start with defence."
"Cross-Site Scripting has been around for 15 years – and is still not solved. We'll see why, how it affects us and will focus on how we can at least solve it for our web-applications."
"The place where no one hears you scream. Literally. This place has everything a classic Hall of Mirrors offers – and that's often great for us. The attackers."
"HTML5 makes the browser become the new OS. Step by step. How is this important for us and what should we know about the resulting threats?"
"Mixing two unrelated standards and hoping nothing goes wrong is one thing. That we all have to deal with it now is another. Say hello to SVG."
"Let's now cover the browser itself and the remaining slices of the attack-surface cake. Let's also see how we can use the browser to protect our apps a bit better!"
"Not only browsers are capable of using and producing markup. Other applications like OpenOffice and Word use XSL too and the Acrobat Reader can even script quite well!"
Conclusion and Outlook
"This final chapter will cover issues we expect to see within the next session. Knowing the attacks will help us understand the future attack surface and deliver better pentests."
Download the application security training sample slides to know more about the training content.