Crash Course Series

Uncovering the Top Application Security Vulnerabilities

The easiest and quickest way to identify potential flaws and weaknesses in your applications and websites is to “Hack Yourself First.” In this web application security training series, you’ll gain deeper understanding of the most common vulnerabilities targeted by hackers, as well as defensive tactics you can use to safeguard your apps from being exploited.

WhiteHat Security pioneered application and website security, and this series will be led by the head trainer from our Threat Research Center.

In the complimentary, simulive Crash Course series, you’ll learn:

  •  The most common web application vulnerabilities
  •  How to recognize these vulnerabilities in your own apps and websites
  •  How an attack might occur
  •  Infamous past exploits
  •  Defensive tactics for each vulnerability class

Register for a single course or the entire webinar series. Registration is limited and seats will be assigned on a first-come, first-served basis.

NOTE: Each webinar is two hours long. Attendees will receive a Certification of Completion for CPE credits after each session.


Part 1: Preparing for Attack
Tuesday, September 5, 2017
10:00am – 12:00pm PT
Attackers “fingerprint” a targeted web application for clues about the system, including server version numbers, software information, and verbose error messages. Fingerprinting is a critical step in preparing for an attack, as it allows hackers to look up existing common vulnerabilities and exposures to pinpoint their efforts. This webinar will focus on the vulnerability classes that allow hackers to prepare for an attack, including:

  •  Information leakage/fingerprinting
  •  Predictable resource location
  •  Directory indexing
  •  Brute force
  •  Insufficient transport layer protection
  •  Zero-day vulnerabilities such as POODLE, Heartbleed, Shellshock, and Java deserialization


Part 2: Abusing a User’s Trust
Tuesday, September 12, 2017
10:00am – 12:00pm PT

This webinar will cover common vulnerabilities that are exploited by abusing a user’s trust in a site or application, including:

  •  Cross-site scripting (XSS)
  •  Filter evasion for XSS
  •  Social engineering
  •  Content spoofing
  •  URL redirector abuse

By manipulating the user’s confidence that a popular website is secure, a hacker can mount social engineering attacks to steal user information and accounts, redirect unsuspecting victims to dangerous locations, and cause other detrimental consequences.


Part 3: Abusing a Site’s Trust in the User
Tuesday, September 19, 2017
10:00am – 12:00pm PT
Following up on Part 2 of the series, this webinar flips the equation and focuses on common vulnerabilities that abuse the trust an application has in users and their browsers, including:

  •  Cross-site request forgery
  •  Session fixation
  •  SQL injection
  •  Abuse of functionality
  •  Business logic flaws and insufficient process validation

Most of these security holes deal with what is known as the confused deputy problem, which involves the application being tricked into misusing its authority.

These courses are led by Kimberly Chung, Head Trainer for WhiteHat Security’s Threat Research Center. Her primary responsibilities are to equip new hires with the practical knowledge and expertise required to perform vulnerability verification, DAST configuration, and manual business logic assessments.


Kimberly Chung

Head Trainer of the TRC
WhiteHat Security