Bug Bounty - Web Track
When lots of eggs are in one basket and this is an API, a web or mobile application, what the hackers do and how they do it?
Most of the data are now accessed via web applications, mobile and APIs. As today, more than 75% of the attacks in the wild targets web. Bug bounty is also focused more on web, since the apps are more prone to security bugs compared with an infrastructure device.
This training is based on a practical approach of day-by-day situations and it contain labs based on real environments. For the labs, target virtual machines are provided.
The course objective is to help you learn to master the (ethical) hacking techniques and methodology that are used in penetration systems. The course is designed for IT passionate, network and system engineers, security officers.
This course covers both theoretical and practical aspects and contains hands-on labs about hacking systems, networks, wireless, mobile and websites.
Disclaimer: this course is intended for ethical hackers and those who want to protect against this kind of attacks. Those are only theoretical examples in a lab environment. Hacking is illegal without explicit permission!
Senior Information Security Consultant
- I work in the Internet security team, focused on ethical hacking - deliberately and purposefully challenging the IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary.
- Scan and exploit for a wide variety of data center infrastructure and application vulnerabilities, following defined rules of engagement and attack scenarios (ethical hacking).
- Make recommendations on security weaknesses and report on activities and findings.
- Perform Internet penetration testing (black box / white box testing) and code reviews (manual and automated)
- Use testing tools as NetBIOS scanning, network pinging and testing, packet crafting and analyzing, port scanning for vulnerability assessment
- Perform analysis and testing to verify the strengths and weaknesses of Web Applications and Web Services (SML, SOAP, WSDL, UDDI, etc.)
- Perform analysis and testing to verify the strengths and weaknesses of a variety of operating systems, network devices, web applications, and security architectures
- Assist with the development of remediation services for identified findings
- Customize, operate, audit, and maintain security related tools and applications
- CEH, ECSA, CHFI from EC-Council
- Cisco CCNA, CCNA Security, Linux Essentials
- Various Custom Trainings
- CREST Registered Penetration Tester (CRT)
- CHFI (Computer Hacking Forensic Investigator)
- ISO 270001 Lead Auditor
- ECSA (EC-Council Security Analyst)
- CEH (Certified Ethical Hacker)
- CCNA and CCNA Security
- CCNP Routing and CCNP Switching
- Advanced Linux&InfoSEC
- VMWare vSphere Install, Configure, Manage
- Microsoft Certified Technology Specialist (MCTS/MCP 70-642): Microsoft Windows Server 2008 Network Infrastructure, etc.