Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

SANS Web App Penetration Testing and Ethical Hacking Class – DAY 1

SANS Web App Penetration Testing and Ethical Hacking Class – DAY 1

DAY 1:

The first day on most classes of this type seems to be a basic outline day. As usual everybody needs to be at the same level for the remaining 3 days of the course, this is a must. Overall the first day covered things that most people who work as a penetration tester will already know. Then again, there are others moving into this area that need the review. A review on the HTTP METHODS was interesting, especially the section on the CONNECT method. The real benefit for me though was the detailed run-through of the authentication options. I managed to get a few minutes to read through the RFC on Digest Authentication and reenact the challenge response process at the command line (using openssl with the MD5 option). It’s always good to understand how it works behind the scenes.

Raul Siles has a good teaching style (as I learned in the VoIP Security class) so I’m looking forward to the next 3 days. I’m hoping for a couple of nuggets of pure gold from the course. We’ll see how days 2,3 and 4 go.

Update: From comments on Twitter it looks like Ed Skoudis is working on an update to the class. From what I’ve heard it looks like it will be a 6 day class in the future, so should cover some more in-depth topics in later versions of the class.

About these ads

One response to “SANS Web App Penetration Testing and Ethical Hacking Class – DAY 1

  1. Pingback: GWAPT / SEC542 « Ramblings of the änal security guy

Follow

Get every new post delivered to your Inbox.

Join 118 other followers

%d bloggers like this: