THIS STUDY GROUP IS FULL! PLEASE JOIN THE WAITLIST. WE WILL DO OUR BEST TO NOTIFY YOU SHOULD A SPACE COME OPEN.

Are you looking to get into web application pentesting or bug bounty hunting? Join our study group! This will be a hands-on study group where we will practice, practice, practice. We will study common web app vulnerabilities, exploit them on vulnerable web apps, and understand how to remediate them.

This study group is free, but will be available to paying members only. Not a member? Join here.

This will be held online every Wed from 600p - 900p PST via join.me. We plan to repeat this study group once the cycle is over. Tune in to the information session on May 8 to get more details!

These vulnerable application/virtual machines will be used for the study group:

Mutillidae 2

Webgoat

RailsGoat

Security Shepherd

DVWA

bWAPP

Juice Shop

Hackazon

May 8 - Info/pre-start session

May 15 - Map application with Burp & other tools

May 22 - Security Misconfiguration +  Sensitive Data Exposure + Using Components with Known Vulnerabilities

May 29 - Broken Authentication & Session Management

June 5 - Broken Access Controls + Insecure Direct Object References + Missing Function Level Access Control

June 12 - Injection (Other)

June 19 - Injection (SQL)

June 26 - Unvalidated Redirects and Forwards aka Open Redirects + SSRF

July 10 - Cross Site Scripting (XSS)

July 17 - Cross Site Request Forgery (CSRF)

July 24 - Insecure Deserialization

Any Date - Self/company assessment