We will not teach you how to run Nessus and Nmap, nor tell you to have an SNMP policy.

We will teach you to write exploits and how to attack.

Wide Open To Interpretation

This class will cover auditing modern Java applications and exploiting vulnerabilities from a wide variety of vulnerability classes. From the home desktop to the enterprise, Java is consistently present in ways you would not expect it to be. This class will teach you how to take advantage of the insidious layer of Java bubbling through the cracks of the modern enterprise attack surface. This class will provide plenty of hands-on time and exercise sessions.

For additional information, pricing quotes, or a copy of the prerequisite evaluation, please send an email to training@immunityincdotcom.

Java Syllabus *

Day One

  • Java Classes 101
    • Class member access
    • Class hierarchy & interfaces
    • Nested & Inner Classes
  • Introduction to Java Security & Sandbox
    • Bytecode Verifier
    • Security Manager & Access Controller
    • Security Manager in Application Servers
    • Serialization
    • Java Reflection
  • Secure Coding Guidelines
  • Environment Setup
  • Java Web Applications Introduction
  • Information Disclosure
  • Input Validation
    • Cross Site Scripting
    • SQL Injection
    • Command Injection
  • Logical Bugs
    • Path Traversal
    • File Disclosure
    • File Overwrite
    • Privilege Escalation

Day Two

  • Request Forgery
    • Client Side Request Forgery
    • Server Side Request Forgery
  • Dangerous Parsing
    • XML
    • XSLT
    • Deserialization
  • EL Injection

Day Three

  • JNDI/LDAP Manipulation
  • Frameworks & Services
    • WebServices
    • REST APIs
    • Vulnerabilities in Popular Frameworks
  • Crypto
    • Padding Oracle
    • PRNGs
  • Exploitation

* class syllabus is subject to change


All of Immunity's training courses offer Continuing Professional Education (CPE) credits.
If you are interested in earning credits, just let Immunity know in advance.

| Course | CPE credits * | Certifications |
|---|---|---|
| Virtual Canvas Training (VCT) | 10 | CISSP |
| Web Hacking Language Review | 7 | CISSP, CSSLP, SSCP |
| Wide Open To Interpretation | 21 | CISSP, CSSLP, SSCP |
| Web Hacking | 28 | CISSP, CSSLP, SSCP |
| Click Here For Ring0 | 28 | CISSP, CSSLP, SSCP |
| Master Track: Applied Cryptanalysis | 28 | CISSP, CSSLP, SSCP |
| Master Track: Kernel Exploitation | 28 | CISSP, CSSLP, SSCP |

* Total potential credits