May 2013 Pen-Testing Workshop

This event has already occurred.  Thanks to everyone who showed up and participated with us!  Videos from the event will be posted soon.

Jeremy Druin, ISSA Kentuckiana Director of Education, will be leading a pen-testing workshop on May 18th, 2013 at the Sullivan College of Technology and Design. The workshop will last from 9:00AM until approximately 5:00PM and will cover a wide variety of pen-testing topics. Lab exercises will be included and attendees may follow along. Please note the links below to videos on installing the target web application or join us in the May workshop where we will build a web pen-testing lab.

Jeremy Druin, GXPN, GPEN, GWAPT, GSEC, Sec+
Certified Lead Information Security Analyst

Sullivan College of Technology and Design
3901 Atkinson Square Dr
Room ETB 6 & 7
Louisville, KY 40218
(502) 456-6509

Topics Covered:
SQL Injection
Injection point identification, prefixes, suffixes, and context
Cross Site Scripting / BeEF Hooks
HTML Injection
JavaScript Injection
JSON Injection
Authentication Bypass (SQLi)
Authentication Bypass (Cookie Tampering)
Local File Inclusion
Remote File Inclusion
Cross Site Request Forgery
Unvalidated Redirect

Best Effort Topics (Time allowing):
Authentication Bypass (Cookie Stealing)
Parameter Addition
Cryptographic Initialization Vector Tampering

$40.00 donation to the Long Family on the Hackers for Charity (HFC) website. The PayPal receipt is your “ticket” to attend.

Donation URL:

To donate, browse to then click the “Make a one-time donation directly to the Long family” link that appears midway down the page. Once the donation is complete, PayPal will issue a payment receipt number (looks like a code). Simply print this receipt and present it as your ticket at the door.

Workshop Notes:
– No prerequisites or experience required
– Lab participation is optional but encouraged
– Hands on: Instructions on setting up the lab will be provided 2 weeks before class
– A live lab setup workshop will be given May 10th at the monthly meeting

Bring either Windows with XAMPP, Mac or Samurai Linux—your choice.

Windows: XAMPP supported or WAMP with Mutillidae / Burp Suite Free Edition
Linux: Samurai 2.0 supported or roll your own with Mutillidae / Burp Suite Free Edition
Mac: MAMP with Mutillidae / Burp Suite Free Edition (On your own for support)

Installing and Using Burp Suite:
Installing NOWASP Mutillidae on Samurai Linux:
Installing XAMPP/Mutillidae on Windows:
PHP Errors after installing Mutillidae? Go here:

If you are interested and would like to register for the event, please click here.
