
Training Security


Drawing on the team's personal experience within the industry, Defendza has designed training services that are innovative, engaging and focused on the current challenges faced by the cyber community. Whether the need is information security awareness for staff or high-end training for security consultants, administrators or network staff, Defendza caters to these demands with its already established, successful courses and labs. Defendza staff were among the Black Hat trainers team who delivered the following course:

Depending upon the audience's skill set, infrastructure and web application courses are offered with the following options:
Intermediate - Advanced Level
Beginner - Intermediate Level

Based on past feedback, our students arrive at this conclusion by the end: very informative and a lot of fun. Shapes you into a skilled penetration testing professional, with infrastructure, basic apps, and networks covered. Prove and improve your practical skills with this 100% practical training course.
Attendees are motivated to capture all the flags in the lab without revealing answers. Help is on standby, and hints/answers are provided on request or at the end of the module, whichever is earliest.
Dedicated machines are provided to all attendees so that every attendee works at their own speed to truly perfect their craft and develop skills through this hands-on course.

Web Application

Web Application Basics

This module details basic application architecture, including the protocols and common technologies used to host a web application. It looks at the evolution of web applications over time and what to expect in future, with a focus on the security aspect. The module gives an overview of the common threats to user data posed by insecurely designed applications, and provides a warm-up on the common tools and browser plugins available to pentesters and how to put them to the best use. The module will cover:

Application architecture
Web technologies
HTTP basics
Current attack trend
Application Security overview
Google hacking
Common pentest tools overview

Application Test Methodology

Every application is different and requires a specific methodology to ensure that all aspects of security are assessed within the given time frame. This module explains what constitutes a complete assessment and provides details about the scripts and techniques involved. It contains the following:

Port scanning
Web server assessment
SSL security
Default configuration / Common CMS identification techniques

OWASP Top 10 / Application Vulnerabilities

The industry standard OWASP details several categories of vulnerabilities that a consultant needs to assess the application against. By following a specific pattern based on an understanding of the application, students will be able to identify and exploit different application-level vulnerabilities. The module will cover the following in depth:

Authentication vulnerabilities
Session management security
Business logic flaws
SQL Injection
Cross Site Scripting
Insecure direct object references
Broken Access Control
Cross-site Request Forgery
Unvalidated redirects and forwards
Input validation and encoding
File Inclusion – LFI, RFI
Privilege escalation opportunities
Session Fixation
Mobile Application Security Assessment
Compiled Binary Security Assessment
Windows Reversing Malware
Intrusion Detection & Analysis
Burp hands-on Training
Secure Software Development