RSS feed logo header graphic

Black Hat USA 2008 Training

Caesars Palace Las Vegas • August 4-5

Advanced Web Application Penetration Testing: Black Hat Edition

Aspect Security

registration button


This two-day course is designed to teach web application security testers how to become more effective, organized, and methodical in their approach to web application security testing. Participants of this course will learn how to scope a security review and prioritize the work, understand the manual and automated tools and techniques available and when and how to apply them, and learn how to determine the real risk value. In order to achieve these goals, students will assess a real world application against the OWASP Top Ten security areas. The Black Hat specific course will utilize a modified version of the Java Pet Store J2EE web application provided by the Blueprints project. Not only will we identify vulnerabilities introduced into the application, but students will also be asked to identify actual 0-day vulnerabilities existing in the Java Pet Store baseline! Students gain hands-on testing experience with freely available web application security test tools to find and diagnose flaws and learn to identify them in their own projects. The students are then guided through the process of how to create and communicate effective software security flaw descriptions for the flaws they have discovered.

While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner.

Who Should Attend

The intended audience for this course is:

  • Software security testers and code reviewers
  • Designated security experts
  • Architects with a desire to understand more about security

Learning Objectives

At the highest level, the objective for this course is to ensure that developers are capable of designing, building, and testing secure applications and understand why this is important.

Security Planning - Scope a security review and prioritize the work
Penetration Testing - Understand the tools and techniques available and when to apply them
Code Review - Understand the tools and techniques available and when to apply them
Risk Management - Learn to diagnose a finding in terms of likelihood and impact.


Aspect Security has been working with development teams around the country for years to help them identify, diagnose, and address security issues throughout the application development lifecycle. Through these efforts, they have learned the key practices that development and project managers, and key support personnel must know to achieve secure applications.

Aspect’s instructors are full-time application security specialists that spend the majority of their time working with clients to secure the nation’s most critical applications. Leveraging this practical experience brings the class to life. Students will gain valuable insight into lessons learned from other development organizations. Our instructors also make themselves available to you for application security questions after the course is complete.

Aspect is a founding OWASP Member and supports several OWASP projects. In particular, Aspect conceived the OWASP Top Ten project and led the effort to build the document. We also built WebGoat, ESAPI, Stinger, and CSRFGuard and donated them to the OWASP effort. Aspect personnel assist with the management of the OWASP Foundation and help run the OWASP AppSec conference series.

Arshan Dabirsiaghi is the Director of Research at Aspect Security. Arshan has over seven of years of professional experience writing code, four years of professionally auditing code, and many years of hobbying in both. At Aspect Security, Arshan performs the normal array of security assurance work, including code reviews, architecture reviews and penetration testing. He spends the balance of his work time teaching classes all over the world and doing research into next generation web application attacks and defenses.

Arshan earned his Master’s degree in Computer Science from Towson University with a focus on Information Security. He has delivered tutorials at Blackhat and OWASP conferences and has been a featured speaker at a number of security and artificial intelligence conferences. Arshan is also the author of the OWASP AntiSamy project.

registration button

Ends May 1

Ends July 1

Ends July 31

Begins August 1

USD 2000

USD 2200

USD 2400

USD 2700

1997-2009 Black Hat ™