Sunday, June 21, 2009

SANSFIRE pen testing fun


I'm writing these lines from Baltimore, MD, where the SANSFIRE conference has taken place. I was taking the SEC 542 Web App pen testing class with Kevin Johnson from Inguardians.com, the founder of the SAMURAI web application pen testing environment. It's a great class with a lot of experience being transferred from Kevin, who is an excellent, experienced security consultant. Learning the whole methodology and process of pen testing is really worth it. I've been doing pen testing for a while now, but this is like defining a process to follow: a guideline similar to the waterfall model used in software development, for example.
At the end of the class there is a capture-the-flag contest, where all the students compete in teams to hack a list of web servers and capture three flags. It was really fun popping those boxes. My team and I won 1st place, capturing all three flags in less than 3 hours. Also, one of the bugs exploited was one I found myself that Kevin himself was not aware of; when we told him about it he was like "OMG! I'm gonna kill ya! DID I DO THAT?!".

It was an excellent overall experience, although I was looking forward to more technical information. The transfer of knowledge was excellent, and the exercises were to the point and realistic. And the competition at the end really summed it all up, where we went through a full test with all its phases.
