Budapest, MAY9
early: €470; final: €580
Burp for testers and developers

Budapest (HU), 1-day intensive training

Early tickets till APR13: €470 net [148KHUF+VAT]
Final price: €580 net [185KHUF+VAT]/seat.

* Note: there is also a 'WebAppSec testing/fixing' workshop the previous day, and by booking both you'll get 10% off.

Onsite lunch: pizza by Green Fox Academy.
We'll advise you on hotels, travel and hangouts.

timing: May 09 (Thu), 10:00-19:00
venue: Green Fox Academy, Budapest
seats: 15+
trainer: Zsombor Kovács
agenda: course agenda
language: English
enrollment: defdev.eu/e/1905.bud.burp/enroll (with vouchers)

In the unlikely case of low demand this training can be gracefully cancelled by defdeveu 30 days prior to the event date with 100% refund!

Read the legend text under the action tabs! Mind the applicable VAT option! Also, guys, read the full booking guide below and don't hesitate to ask!

Book>Enroll>Go: Faythe books tickets for Alice and Bob or herself -> She gets a VAT invoice to pay via wire transfer or by bank card -> Faythe gets voucher(s) by email -> Bob and Alice (or Faythe) use their personal vouchers to enroll.

Fast booking: If the above corporate flow is not for you, you may choose to check out with PayPal.
Or pay €50 now as a deposit to reserve your seat at the early-bird price, receive your invoice, and pay the rest 3 weeks before the event.

VAT: EU VAT-registered businesses pay 0% VAT, and the same applies to non-EU businesses and citizens. Hungarian companies and EU resident individuals must pay 27% VAT on top of the net price.

Burp Suite for testers and developers

The purpose of the workshop is to give testers and developers an overview of how Burp Suite can be used for web testing work. Even though Burp is primarily designed for penetration testers, its sophisticated capabilities can come in handy for everyone whose job is to perform general bug hunting in web applications.

By the end of the training, participants will have a general understanding of how web applications work under the hood, how to use Burp for troubleshooting errors and how to utilize Burp's tool set for re-creation of error conditions by manual HTTP traffic manipulation.




Burp for developers

from the 'DIY security testing' series

full title: Burp Suite for testers and developers
course level: practical baseline
audience: testers, developers, security champions, junior security testers
duration: 1 XL day, 7 hrs education time
gear: a laptop
preinstalled: Burp (ideally: a licensed Pro version, but the Community version is mostly enough)
qualification requirement: general understanding of how networks work; familiarity with HTML and simple JS code

Understanding Burp

Computer networking in general
The HTTP protocol. Requests and responses. Stateful and stateless protocol philosophy and built-in hacks in HTTP.
Browsers and web applications
Executable code vs. static code. Basic browser features (cookies, caching etc.) and potential pitfalls.
Web proxies
Different types and features. TLS/SSL related issues. Advantages and disadvantages of proxy implementations.
Burp at a glance
Overall philosophy of the GUI. Sending requests internally between tools. Basic use of the GUI for static HTTP traffic inspection.
Burp and networking
TLS/SSL, certificates, the PortSwigger CA. Importing and exporting certificates. Potential pitfalls with the oh-so-many different SSL certificate formats. Downstream and upstream proxies.
The Target tab
The significance of scope settings. Exclusion lists and the proper scope selection process.
The Spider tab
Operation, caveats and results. Throttling and performance issues.
The Repeater
Operation, use of this versatile tool in several scenarios.
The Sequencer
Setup, parametrization and use. Result interpretation.
The Intruder
Interaction with the Repeater. The payload position template. Different types of payloads. Attack types (sniper, pitchfork etc.) and usage. Payload selection and pre-send processing. Throttling and result interpretation.
The Decoder
Different encodings and external tools to enhance the efficiency of the process.
The Extender
Basic concepts, the Burp API. Writing extensions for various tasks in Python.

Mastering Burp

In this session, lifelike challenges will be presented to participants as small web applications modelling real-life scenarios, which can be overcome by using and fine-tuning several tools in conjunction within Burp.

This workshop is delivered by

Zsombor Kovács is a security specialist with many years of hands-on experience in penetration testing in Budapest, London and Zürich. Besides penetration tests performed on mobile devices (both iOS and Android), his main focus is application and infrastructure evaluation. Zsombor conducts penetration tests and malware analysis on a daily basis. He has found vulnerabilities in all sorts of Android and iOS applications, from e-banking and telecommunication to document management and MDM. He has also been involved in projects dealing with incident response, forensic engineering, reversing, physical security and social engineering. Zsombor is keen on everything related to hacking, from finding bugs in mobile applications to secdev consulting, lock picking, RFID hacking and exploring the human psyche.

Recently, Zsombor got involved in secure development trainings on both mobile platforms.


From Zsombor's training record:
LogMeIn, GoToMeeting, defdev1611, defdev1805



The workshop is hosted by



Booking assistance, feedback, questions

Do not hesitate to call or otherwise contact our support!
Email: hello@defdev.eu; assistance form (Google form)
Twitter: @defdeveu (direct message us); phone: +36309225777, from noon to 9pm

Do not hesitate to ask questions, request assistance, call for support, ask about the course, invoicing, payment options, visa support, hotels, etc.

We also understand that buying expensive tickets still requires a decision-making process, even if our trainings are superior. ;)

We also suggest you walk through:

  • The course abstract and agenda above
  • The tickets booking and enrollment guide below
  • The FAQ section on the main page.

Booking/enrollment guide

Booking
  • Use the corresponding booking form to indicate your order (the 'book tickets' button/tab on the event page opens a link similar to defdev.eu/e/1905.vie.xxx/book which will redirect to the Google form).
    It doesn't matter at this step whether you book a seat for yourself or seats for others.
  • When booking please check the header of the form for details and instructions.
  • Upon receipt of your booking form we will contact you by email.
  • We send you an invoice when all the particulars are clear to us and confirmed on your side.
  • Upon receipt of payment we send you vouchers, one voucher per seat (visitor).
    The vouchers are 6-character codes.
  • If you were helping your colleagues to book their seats, forward the vouchers one by one to the eligible individuals.
Enrollment
  • The enrollment form is available via the 'Enroll w voucher' tab on the event page.
    The enrollment link is similar to defdev.eu/e/1905.vie.xxx/enroll, which will redirect to the Google form.
  • A visitor enrolls herself in the course using her personal voucher code at the corresponding form.
  • When the event is approaching we will contact the enrolled/registered visitors with a so-called "student's doc" which will contain all the details of the course. If that document has not been shared with a student/visitor 5 days prior to the event, please alert us via the above channels!
Fast booking/reservation

If the above corporate flow does not fit your situation, you can choose to pay €50 now as a deposit to reserve your seat at today's price, receive your invoice, and pay the rest approx. 3 weeks before the event.

  • Hit the 'Reserve fast (€50 deposit)' button/tab on the event card. Pay that deposit instantly at PayPal / with any debit/credit card.
  • We will contact you by email within a day to confirm your reservation.
What payment options are available?

Wire transfer (SEPA/SWIFT/TransferWise), credit/debit cards, PayPal-to-PayPal.

What VAT rate applies/payable/included/excluded?
  • For EU VAT subjects (except Hungarian businesses) and for non-EU clients the rate is 0%.
    Thus a ticket price of €1000 means net €1000 + 0 VAT payable.
  • For all the other clients -- EU individuals and Hungarian companies -- the VAT is 27%, and is NOT included in the announced ticket prices.
    Thus the announced ticket price of €1000 means €1270 payable for them (including VAT).
  • Note: special fiscal/taxation regulation cases may apply.
Are the tickets refundable?

We refund the price you paid, less a €50 cancellation fee per seat, when cancellation is requested by the client no later than the 32nd day prior to the event. For later requests we are ready to suspend your order and reassign it to another training (a €50 re-booking fee per seat applies).

Why is there that weird note on the event card: "In the unlikely case of low demand this training can be gracefully cancelled..."?

One of the standard conditions of our public trainings is that the booked tickets must cover the costs. If on the 32nd day prior to the event we see that the announced training may end up making a loss, we may cancel it with a full rollback. All parties go back to square one. You as the client get a full refund of the money transferred for the tickets of the cancelled event.

Who issues the invoices and is the beneficiary of payments?

azd.security Kft., Budapest, Hungary
VAT: HU13804079, Estd: 2006, EU ID: HUOCCSZ.01-09-874089 [in Hungarian only, but the official registry, pass the captcha first]
PayPal merchant ID: FUBRZGH72QGZQ

We require a special kind of invoice due to our local regulations. Is it possible to get one?

Sure! Let's arrange that at the booking stage.

Other standard questions? (eg. discounts)

Please browse the other FAQ section below. Also, don't hesitate to contact us on the above channels: assistance form, email, Twitter DM, call.



The full catalog of our courses is available at c.defdev.eu.

For sponsors

def[dev]eu events provide a unique opportunity for providers of secure development tooling and services to get in touch with developers and team leaders from cool European development teams and IT departments.

Contact us at hello@defdev.eu, direct message us on Twitter @defdeveu or call +12318468790 [Timur].



The training is supported by