SECURE IDEAS TRAINING

Professionally Evil Application Security

The Professionally Evil Application Security (PEAS) course is designed to teach developers, IT professionals, and penetration testers of all skill levels. This course focuses on the techniques used to assess and exploit applications, including web and mobile applications, APIs, and HTTP-based systems. We combine these techniques with explanations of the risks exposed and defenses required to improve the security of your organization.

WE UNDERSTAND THAT NOT EVERYONE CAN AFFORD THE TRAINING THEY NEED

Let Us Empower You

As one of the fastest-growing industries in the world, cybersecurity suffers from a considerable gap in employable, skilled candidates. The old models of expensive training reserved for top performers no longer fit the needs of the industry, and the economic difficulties of the past few years have demonstrated that affordable training is mandatory to match candidates with employment opportunities. Secure Ideas is proud to offer the "Pay What You Can" model for our Professionally Evil Application Security Course.


$199

PWYC-199*

*For this price, copy the code above and apply it on the Cart page of Secure Ideas Training


$400

PWYC-400*

*For this price, copy the code above and apply it on the Cart page of Secure Ideas Training


$800

PWYC-800*

*For this price, copy the code above and apply it on the Cart page of Secure Ideas Training

Class Duration

  • 3 days

Class Synopsis

The Professionally Evil Application Security (PEAS) course is designed to teach developers, IT professionals, and penetration testers of all skill levels. This course focuses on the techniques used to assess and exploit applications, including web and mobile applications, APIs, and HTTP-based systems. We combine these techniques with explanations of the risks exposed and defenses required to improve the security of your organization. The course uses a large number of hands-on exercises to reinforce the techniques and understanding an attendee will gain, so that they benefit on the very first day back to work. The course focuses on manual techniques for discovery and exploitation while teaching an industry-standard methodology of reconnaissance, mapping, discovery, and exploitation. This methodology provides a comprehensive standard for assessing applications and APIs.

Agenda

The following serves as a tentative agenda for this class. The class is regularly updated to incorporate the latest information on modern web application concepts and attacks.

  • Introduction
  • Standards & Guidelines
    • PCI
    • HIPAA
    • OWASP®
    • Other
  • Preparation
    • How the web works
    • Tools used in assessing applications
    • Test Lab & Class Targets
    • Testing Methodology Overview
  • Methodology
    • Reconnaissance
    • Mapping
    • Discovery
    • Exploitation
  • Server-Side Vulnerabilities
    • Authentication and Session Management Issues
    • Access Control Flaws
    • Sensitive Data Exposure
    • Injection Flaws
    • Buffer Overflows
    • Fuzzing
    • Testing Web Services
    • XML External Entity (XXE)
  • Client-Side Vulnerabilities
    • Cross-Site Scripting (XSS)
    • Open Redirects and Forwards
    • Cross-Site Request Forgery (CSRF)
  • Logic Flaws
    • Business Logic Issues
    • Race conditions and TOC/TOU issues
  • Logging and Monitoring
  • Report Writing
  • Capture-the-Flag Exercise

Prerequisites

Prerequisites
Students attending this class should, at a minimum, have familiarity with the following concepts:

  • How the web works
  • HTML
  • JavaScript

Equipment
To perform lab exercises, this class requires the use of a laptop with:

  1. A minimum of 8 GB RAM
  2. A minimum of 40 GB free disk space
  3. Oracle VirtualBox installed and running

Note: We also have an AWS Workspaces (VDI) option.


INSTRUCTOR FLAT RATE

$10,500*

flat rate

up to 30 students

*Price does not include travel or cost of additional instructors for larger classes.


  • Corporate rate
  • In person, on-site
  • Lecture & Labs
  • Your venue

PER-SEAT RATE

$1000*

per student rate

minimum 15 students

*Price does not include travel.


  • Best for Events
  • In-person, on-site
  • Lecture and Labs
  • Your venue

COMPRESSED RATE

$8500*

flat rate

up to 30 students

*Price does not include travel.


  • Corporate rate
  • Shorter class, fewer labs
  • In-person, on-site
  • Lecture and Labs
  • Your venue

Our next run of Professionally Evil Application Security is March 1-3, 2022.

Sign up on Secure Ideas Training today!
