Manners maketh man. Skills maketh hacker.
Maven Security is proud to offer hands-on training focused on remote web app security testing with Burp Suite Pro.
Our decade and a half of hands-on training at conferences, along with our extensive real-world use of Burp Suite Pro in our professional ethical hacking services, has resulted in practical, well-vetted training materials.
A typical course is listed below. However, custom-fit training is also available to meet your needs. Our training can be targeted for students ranging from beginners up to expert level.
Get your cybersecurity training bespoke, never off the peg.
Contact us for details.
When & Where?
Public Courses
We will be offering Burp Suite Training at the following public events:
To see all of our public events (not just those involving Burp Suite) check out our News & Events page.
Private Corporate Training
Do you have several people who could benefit from Burp Suite training? If so, review the course descriptions below and contact us for details.
Online Training
Under construction. Email us to be put on the notification list.
Featured Course: Hands-on Web App Hacking with Burp Suite
Course Objectives:
- Understand the security threats facing web applications
- Learn to use an industry-leading toolset to remotely validate a web application’s security
- Enhance secure programming practices by raising awareness and giving programmers the tools needed to audit their code from the user’s perspective
Course Format:
Two full-day courses, each of which can stand alone. Day 1 focuses on the basics, and Day 2 covers more advanced material. Both days feature lecture, demos, and hands-on labs. A full course abstract is available. The hands-on portion of the course uses the Web Security Dojo training environment to minimize facility requirements and to let students continue practicing their newfound skills after the course ends.
Day 1:
- Web Primer (HTML, HTTP, Cookies, the basics)
- Introduction to Burp Suite
- Threat Classification Systems (OWASP Top Ten & WASC Threat Classes)
- Vulnerability Category: A1: Injection (SQL, XML entity, etc.)
- Vulnerability Category: A3: Cross-Site Scripting (XSS)
- Vulnerability Category: A2: Broken Authentication and Session Management
- Vulnerability Category: A5: Security Misconfiguration
- Vulnerability Category: A9: Using Components with Known Vulnerabilities
- Overall Testing Advice & Strategies – Real-world advice from the trenches
Day 2:
- Burp Suite Redux
- Vulnerability Category: A4: Insecure Direct Object References
- Vulnerability Category: A8: Cross-Site Request Forgery (CSRF)
- Vulnerability Category: A7: Missing Function Level Access Control
- Vulnerability Category: A6: Sensitive Data Exposure
- Vulnerability Category: A10: Unvalidated Redirects and Forwards
- Leveraging Automated Tools – Speed, Safety, Accuracy, and Limitations
- Burp automation: Session handling tools and extensions
- Overall Testing Advice & Strategies – Real-world advice from the trenches
Additional content under development:
- Advanced Burp Suite Usage