UPDATE: Updated the done steps. below. Also changed the links from S3 to Git.
Since our founding in 2010 Secure Ideas has always tried to focus on education and increasing the amount of available knowledge in our field. As such we have contributed to courses, presented at conferences around the world and contributed to open source projects. Two years ago we announced our free training for veterans and first responders. Last year we followed up with our free Scout security services for non-profit charities. And to be completely honest, we are pretty proud of what we have been able to do and to thank everyone for supporting us and helping make us better.
And in that mindset we want to announce our latest work on helping the industry build a body of knowledge. A number of years ago we built a class that was used in a large number of training courses and made up a major part of a curriculum. In 2014 Secure Ideas wrote the last version of that. We want to release this to the public so that anyone who wants to go through the materials is able to learn how to do web penetration testing. And we want people to help us make it better.
So here is the plan:
- Release the slides without the exercises (TODAY!<grin>)
- Determine a format for the course that will allow many people to contribute (Done. GitPitch)
- Create a Git repo for this course (Done: https://github.com/ProfessionallyEvil/pewapt101)
- Release the slides and exercises via this Git repo (Done for slides)
- The exercises may take a bit of time as they will first require significant updates
- Release the exercise targets and virtual machines
- Release the Capture the Flag (CtF)
- Maintain this course for as long as people want us too.
The course, Professionally Evil Web App Pen Testing 101 (PEWAPT) is designed to work as an introduction to web application penetration testing. It mainly focuses on a methodology and tools to support the methodology. We are releasing it using the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. This can be found at http://creativecommons.org/licenses/by-nc-sa/4.0/
Feel free to download it now and let us know what you think! You can email us at training@secureideas.com or on Twitter at @secureideasllc