The Professionally Evil Application Security (PEAS) course is designed to teach developers, IT professionals, and penetration testers of all skill levels. This course focuses on the techniques used to assess and exploit applications; including web and mobile applications, APIs, and HTTP-based systems. We combine these techniques with explanations of the risks exposed and defenses required to improve the security of your organization.
The course uses a large number of hands-on exercises to reinforce the techniques and understanding an attendee will gain so that they benefit on the very first day back to work. The course focuses on manual techniques for discovery and exploitation while teaching an industry-standard methodology of reconnaissance, mapping, discovery, and exploitation. This methodology provides a comprehensive standard for assessing applications and APIs.
The following serves as a tentative agenda for this class. The class is regularly updated to incorporate the latest information on modern web application concepts and attacks.
Students attending this class should, at a minimum, have familiarity with the following concepts:
To perform lab exercises, this class requires the use of a laptop with:
note: We also have an AWS Workspaces (VDI) option.
The pricing for this class is available as either per-seat (convenient for events) or at a flat rate for an instructor: