Added new lab taught by Raul Siles on web pentesting Samurai-WTF

December 23, 2011

Added a new lab to RootedLabs 2012 which will be taught by Raul Siles on how to analyze and exploit web applications using the framework Samurai-WTF .

Raul Siles is the founder and Taddong security analyst. His more than 10 years of experience providing services and advanced security solutions in different sectors including architecture design and review of security penetration testing, incident investigation, forensics and security research in new technologies such as web applications, wireless, honeypots, virtualization, mobile and VoIP. Raul is one of the few professionals who have earned the GIAC Security Expert (GSE). He is the author and instructor of the SANS courses, regular speaker at security conferences, published books and articles on safety, and contributes to research projects and open source. He loves security challenges, and a member of international organizations such as the Honeynet Project, or the Internet Storm Center (ISC). Raul has a Computer Engineering degree from the UPM (Spain) and a Master Degree in security and electronic commerce.

Take the opportunity to attend the official course Samurai-WTF ("Assessing and Exploiting Web Applications with Samurai-WTF" of a day) from the hand of one of the members of the project and author of the course! Know, practice and learn the latest open-source tools included in Samurai-WTF, and techniques for penetration testing (penetration tests) in web applications.

After a quick review of the methodology used to perform penetration testing web applications, will deepen the analysis and exploitation of multiple web applications, taking advantage of vulnerabilities and attacks made on both clients and web servers. They use different security tools open-source in each of the target web applications, allowing you to learn first hand the advantages and disadvantages of each tool. Once experience has been gained using the tools of Samurai-WTF, and the existing time constraints, the challenge will be to participate in a challenge or event CTF (Capture the Flag), allowing you to implement the acquired knowledge and experience with your favorite tools. Experience will help you have more confidence and knowledge required to perform security audits and penetration testing web applications, offering a wide range of advanced tools open-source and free.

More information on this and other RootedLabs this link. Places are limited!