VolatileMinds

Application Security and Software Consulting


Training Opportunities

VolatileMinds offers two one-day training classes focusing on auditing web applications for vulnerabilities. Price per student differs based on class size.

These classes are highly recommended for software/test engineers focused on engineering web applications, as well as information security professionals wanting more experience in offensive vulnerability exploitation.

Web Application Hacking Basics

This one day class focuses on teaching how to start finding and exploiting common web application vulnerabilities (Cross-Site Scripting, SQL Injection, Remote Command/Code Execution), first by hand, and then with common tools.

Real world web applications are used to demonstrate each vulnerability, after learning the basics in an intentionally vulnerable web application called BadStore.

Students end the day having covered the basics of the most prevalent types of web application vulnerabilities, as well as seeing how these can impact applications in the real world.

Requirements:
  - Laptop
  - Burpsuite/ZAP
  - Firefox web browser
  - sqlmap


Advanced Web Application Hacking with Metasploit

This one day class builds on the previous Web Application Hacking Basics class, but can be taken separately if you are already familiar and experienced with SQL injection or remote code/command execution.

Taking the real world vulnerabilities from the previous day to the next level, we quickly rehash by exploiting them by hand using Burp Suite or common tools. Then we weaponize the vulnerabilities while learning the ropes of writing Metasploit exploit and auxiliary modules.

By the end of the day, we will have written two exploit modules and one auxiliary module.

  - Laptop
  - Burpsuite/ZAP
  - Firefox web browser
  - sqlmap
  - Metasploit