Bug Hunting Tools & Techniques Training

Experience with command line Linux is advantageous however it is not essential as the instructor will guide the delegates through each task.

• The limitations of generic vulnerability scanners
• The different types of vulnerabilities
• How to find and use relevant documentation useful to testing
• How to identify inputs in applications for testing
• How to review source code for vulnerabilities
• How to use debuggers and disassemblers to identify possible vulnerabilities
• How to use interception proxies
• How to use packet analysis tools
• How to test inputs using educated guess work
• How to fuzz applications for vulnerabilities

Module 1 - Application analysis

This module helps delegates understand the ways in which inputs in applications can be identified using online resources, static analysis and tools such as interception proxies, packet analysis tools and debuggers.

This module covers the following subjects:

• How to use online resources to identify useful information for testing
• How to identify inputs to applications
• How to perform static analysis of source code
• How to analyse applications using open source tools

Module 2 - Finding applications for vulnerabilities

This module helps delegates understand the various methods and techniques for testing applications for unknown vulnerabilities after analysing applications.

This module covers the following subjects:

• How to test applications for vulnerabilities using educated guess work
• How to test web applications using ZAP
• How to fuzz web applications for vulnerabilities
• How to fuzz system applications for vulnerabilities

Learning outcomes

Delegates will be able to understand the process and methods used to analyse applications for unknown vulnerabilities. Delegates will gain experience analysing both open and closed source applications using various tools and techniques allowing them to identify potential inputs to applications and test those inputs for vulnerabilities.