SANS SEC642 – Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015

Salepage: SANS SEC642 – Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015

Archive: SANS SEC642 – Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques 2015

After taking a year off from SANS London (a trip to Colombia was too much to resist last year), I flew back over to sunny London (ha) to attend the new SEC642: Advanced Web App Penetration Testing class with Justin Searle.

As I've had a few people ask about the class, I thought I'd write up some thoughts as I go through it... Hope they come in handy for people interested in the class content!

Day 1

Day 1 kicked off with a quick refresher on the testing methodology to ease people into things. Although the exploitation phase is where we all have the most fun, it's important for our clients to ensure we have as much coverage of the application as possible. One key point raised, and one that most people ignore, was the requirement to finish discovery of flaws (or potential flaws) in an application BEFORE starting to exploit them. SEC642 is strongly focused on the discovery and exploitation of vulnerabilities, but the importance of recon and mapping was emphasised throughout, as was the process used to work through an application from initial recon to the exploitation phase.