The Open Web Application Security Project (OWASP) Los Angeles Chapter has teamed up with the Orange County, Inland Empire, San Diego, and San Francisco Bay Area chapters to bring you another great AppSec California. Join us and your peers for amazing talks and networking on January 22-25, 2019!
Wednesday, January 23 • 9:00am - 5:00pm
The Bug Hunter's Methodology [Day 2 of 2]


Course Abstract

The Bug Hunter's Methodology is a comprehensive two-day training on offensive web security testing. It is aimed primarily at web application security testers and bug bounty hunters. TBHM focuses on the newest tools and techniques for web application testers. The class covers topics such as:

  • Advances in web recon
  • Prioritizing target testing areas by technology and features
  • Crash course on Burp Suite
  • Blind XSS
  • Server-side template injection
  • Server-side request forgery
  • Code injection (SQLi, PHP, ++)
  • XXE
  • Robbing misconfigured infrastructure (AWS)
  • git pillaging
  • Github robbing
  • CI/Code repositories exploitation
  • Subdomain takeover
  • and more!

Training Syllabus

Day 1:

Emergent web recon (Large Module, LIVE labs)
- IP enumeration (ASNs and Cloud)
- Brand Enumeration (Acquisitions, RevWHOIS, Reverse tracker Analysis)
- Subdomain Enumeration (Scraping and Bruteforcing)
- Effective Port Scanning
- Version based vulnerability analysis
- Directory Bruteforcing / Content Discovery best practices
- Prioritizing target testing areas by technology and features

Crash course on Burp Suite
- Burp Setup and helpers
- Burp proxy and scope
- Burp Intruder
- Burp Repeater and configuration setting
- Getting to know Burp through use-cases: LABS

Blind XSS
- An introduction to BXSS
- Available BXSS frameworks

Server-side template injection
- An introduction to SSTI
- SSTI Identification
- SSTI Tooling

Day 2:

Server-side request forgery
- An introduction to SSRF
- SSRF Identification
- SSRF Tooling

Code injection (SQLi, ++)
- Common (still available today) types of code injection
- SQLmap crash course
- SQLi common areas

XML External Entity Injection
- An introduction to XXE
- XXE Identification
- XXE Tooling / payloads

Access Control Testing
- The ever-giving IDOR and MFLAC
- Examples

Robbing misconfigured infrastructure
- Introduction to AWS S3 permissions
-- Labs
- git pillaging
-- Labs
- Github robbing
-- Live exercise
- CI/Code repositories exploitation (no lab)
- Subdomain takeover
-- Labs

Upon completion of this training, attendees will know:

At the end of this course, students should have solid fundamentals in testing web applications for the vulnerabilities most likely to show up in the wild TODAY. The course aims to arm students not only with the techniques, tools, and labs, but also with a contextual, data-driven methodology for where and how to look for each vulnerability.

Attendees should bring:

Laptop, Burp Suite (PRO preferably), and a VM or equivalent access to a *nix command line.

Pre-requisites for attendees:

General Web application security testing knowledge required.
Some topics will assume some knowledge of OWASP Top Ten type vulnerabilities.


Jason Haddix

VP of Researcher Growth, Bugcrowd
Jason is the Director of Technical Operations at Bugcrowd. Jason trains and works with internal analysts to triage and validate hardcore vulnerabilities in mobile, web, and IoT applications/devices. He also works with Bugcrowd to improve the security industry's relations with the...

Wednesday January 23, 2019 9:00am - 5:00pm
Sand and Sea Room