The Web Application Hacker's Handbook, Live Edition

Marcus Pinto & Dafydd Stuttard | August 2-3 & 4-5


Our "Web Application Hacker's Handbook" series is still the deepest and most comprehensive general-purpose guide to hacking web applications currently available. In late 2011, MDSec set up the online training labs: over 200 hacking labs hosted in the cloud. In this course, we bring you the solutions, demos, and much more material and technologies for you to try.

So if you're a fan of the original and want to try your hand at exploiting everything in the new Second Edition, you're in luck.

Did we mention Burp Suite? If you want to learn from the author of Burp, you're in luck again.

We have run courses for over five years at Black Hat, and we know what you want. This structured course is balanced at 120 slides with numerous opportunities to watch instructor-led demos, whilst hacking our library of over 150 lab exercises, spanning .Net, J2EE, PHP and finishing with a "Capture the Flag" contest.

In our labs, no question is left unanswered (or unasked)!

Student Requirements

A working knowledge of JavaScript and basic SQL, and an understanding of the HTTP protocol.

What Students Should Bring

Students should bring a copy of the Web Application Hacker's Handbook and a laptop. A standard Windows, Linux or Mac laptop is fine, provided it meets the following prerequisites:
• A version of the JRE, capable of running Burp Suite.
• An Ethernet connection.
• Administrative access to the laptop, and the ability to install a few tools, and disable personal firewalls or virus scanners should they get in the way of the lab exercises.
• We strongly recommend a personal laptop. If your corporate laptop build is too restrictive, this may affect your ability to participate fully in the course.

What Students Will Be Provided With

• Training manual
• 2-week trial version of Burp Suite Pro


Marcus is a co-author of the Web Application Hacker’s Handbook, and director of MDSec, an education-focused consultancy performing training, penetration testing and research. Marcus Pinto is internationally recognised as a leader in the application and database security field, having spent the last ten years in Information Security. His consulting experience has placed him in front of hundreds of clients and some of the most technical areas of security currently in commercial demand. He has delivered to some of the most high-profile audiences, including training many commercial and government penetration testing teams as well as key developers and architecture teams, and advising banks and other high-profile clients on structuring their key applications.

Dafydd Stuttard is an independent security consultant, author and software developer specializing in penetration testing of web applications and compiled software. Dafydd is co-author of the best-selling Web Application Hacker’s Handbook. Under the alias “PortSwigger,” he created the popular Burp Suite of web application hacking tools, and still leads its development. Dafydd has developed and presented training courses at security conferences and other venues around the world.