  • This event has passed.

Secure Ideas – Professionally Evil Application Security Workshop

October 21, 2019 @ 9:00 am - October 23, 2019 @ 4:30 pm


Special Offer: The first 15 registrants will receive $300 off registration with the discount code: APPSEC

Veteran and Active Duty service members receive 50% off the full cost of this training. Please contact cyber@wmcat.org for more information.


Deadline: October 1, 2019


The Professionally Evil Application Security (PEAS) course is a 3-day class designed to teach developers, IT professionals, and penetration testers of all skill levels. This course focuses on the techniques used to assess and exploit applications, including web and mobile applications, APIs, and HTTP-based systems. We combine these techniques with explanations of the risks exposed and the defenses required to improve the security of your organization.

The course uses a large number of hands-on exercises to reinforce the techniques and understanding an attendee will gain so that they benefit on the very first day back to work. The course focuses on manual techniques for discovery and exploitation while teaching an industry-standard methodology of reconnaissance, mapping, discovery, and exploitation. This methodology provides a comprehensive standard for assessing applications and APIs.

Students use the SamuraiWTF project environment to learn both attacks and defenses while in class. This environment provides realistic targets and tools, which enable attendees to understand how the techniques taught are used in the real world. The course finishes with a capture-the-flag (CTF) event. In this event, attendees assess and exploit a modern organization’s application. This capstone exercise is designed to pull together all of the knowledge, techniques, and exploits.

Completing this course meets all of the requirements for developer training as part of PCI-DSS.


Course Syllabus:

Standards & Guidelines
– other
– Tools used in assessing application
– Test Lab & Class Targets
Testing Methodology Overview
– Reconnaissance
– Mapping
– Discovery
– Exploitation
Server-Side Vulnerabilities
– Authentication and Session Management Issues
– Access Control Flaws
– Sensitive Data Exposure
– Injection Flaws
– Tool Set
– Attack Sources
– Context Understanding
Testing Web Services
– Overview
– Tools for testing web services
– Critical Skills for running web services
– Web service vulnerabilities
Client-Side Vulnerabilities
– Cross-Site Scripting (XSS)
– Open Redirects and Forwards
– Cross-Site Request Forgery (CSRF)
Logic Flaws
– Business Logic Issues
– Race conditions and TOC/TOU issues
– Logging & Monitoring
Capture The Flag


About Secure Ideas:
Secure Ideas is a dedicated team of experts who are passionate about technology and information security. Our primary objectives are to help companies improve their security postures and to train the next generation of security professionals.

Learn more at: https://www.secureideas.com/


614 First St NW, Suite 300
Grand Rapids, MI 49504 United States