Advanced Web Application Pen-Testing: Web 2.0 Edition

Aspect Security


USA 2010 Weekend Training Session // July 24-25

USA 2010 Weekday Training Session // July 26-27


While all developers need to know the basics of web application security testing, application security specialists should know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Application Penetration Testing: Web 2.0 Edition course adds the challenges of testing Web 2.0 applications. The course is taught interactively by an experienced application security practitioner.

This two-day course is designed to teach existing web application developers or security people with a programming background how to comprehensively find security issues in an application. Many people can “poke holes” in an application, but producing consistent, comprehensive security evaluations requires more diligent study. Participants will learn how to scope a security review and prioritize the work, understand the manual and automated tools and techniques available and when to apply them, and determine the real risk value of a vulnerability to an organization. To achieve these goals, students will assess the OWASP Top Ten security areas within a real-world application.

This course will utilize a modified version of the Java Pet Store J2EE web application provided by the Blueprints project. Not only will we identify vulnerabilities introduced into the application, but students will also be asked to identify actual 0-day vulnerabilities existing in the Java Pet Store baseline! Students gain hands-on testing experience with freely available web application security test tools to find and diagnose flaws and learn how to identify them in their own projects. Because finding flaws is worthless without effective communication, the course also covers the process of creating and communicating software security flaws effectively.

Who Should Attend

The intended audience for this course is:

  • Software security testers and code reviewers
  • Designated security experts
  • Architects with a desire to understand more about security

Aspect will provide each student with a hard copy of the materials and a self-contained installation CD containing class labs, exercises and tools (WebScarab, WebGoat), which will be installed as part of the class and removed at the close of class.


Aspect Security's instructors are professional software developers who have dedicated their careers to application security. Our instructors spend the majority of their time working with clients to secure critical web applications using a wide variety of web application technology. This practical experience allows our instructors to have interesting discussions about real-world problems that drive home the lessons being taught.

They understand the types of mistakes that are commonly made in the development and deployment of applications, products and systems. This allows us to help our clients raise awareness and knowledge regarding secure development practices.
