In this training, you will learn the approach and techniques for conducting and understanding a pentest on specific (web) applications as described in the OWASP Testing Guide. All steps to be taken will be covered through challenging labs, from scope definition to the final reporting. In addition to the OWASP Top 10, you will also learn to test for lesser-known vulnerabilities.

The goal of this offensive training is twofold:

1. To create a better awareness of the vulnerabilities in (web) applications by hands-on experiencing how these can be attacked/exploited by malicious actors;
2. To teach participants to independently penetration test (web) applications using specifically designated open source tools or to better understand how an external penetration tester does this.

Legal Agreement:

The mission of the course "Application Security Assessment" is to educate, introduce, and demonstrate application security assessment techniques for penetration testing purposes only.

Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system without the approval of the legal owner.

During this four-day course, the method and execution of a security assessment on a (web) application will be taught through hands-on examples and labs, using the OWASP Testing Framework.

All labs will be conducted with open source tools with a low 'click-here' factor, such as those available via the OWASP Web Testing Environment (WTE), OWASP Mantra projects, and Kali Linux.