
HALF-DAY WORKSHOP

Fundamentals of Web Pentesting for Quality Analysts

This workshop tells the story of how web penetration testing evolved from basic scans into a core security practice. As applications grew more complex, attackers adopted advanced tooling and evasion techniques, pushing defenders to go beyond traditional QA. Through hands-on use of Nmap, sqlmap, and Burp Suite, participants will explore firewall evasion, red teaming concepts, and structured pentesting methodologies aligned with OWASP. The workshop shows why QA teams must adopt an adversarial mindset, learning not only how vulnerabilities are exploited, but how to report and remediate them effectively before they reach production.

In this workshop, the instructor will guide participants through the fundamentals of web penetration testing using a practical, hands-on approach. The workshop will cover common web vulnerabilities aligned with the OWASP Top 10, including how they are identified, exploited, and validated using tools such as Nmap, Burp Suite, and sqlmap. The workshop will also explore pentesting methodologies, basic red teaming concepts, firewall evasion techniques, and best practices for writing clear, actionable security reports. Finally, participants will learn how to remediate discovered issues, strengthening application quality and resilience from early stages to production.


What you’ll learn


Execute the standard phases of a web application penetration test.


Perform information gathering and reconnaissance, identify relevant attack vectors, exploit vulnerabilities covered in the OWASP Top 10, and apply fuzzing techniques.


Map findings to the MITRE ATT&CK framework and document results in a technical and actionable format.


What you’ll need


Bring your own laptop…


Workshop details

Track 3

09:00h - 13:00h · May 26th

4 hour workshop

Penetration Testing

Advanced Level

Workshop in English

Daniela Maissi

Security Researcher, DevSecOps and Penetration Tester with 11 years of experience in IT. Currently working as a security researcher at the OWASP Foundation, and previously at EC-Council as one of the winners of Top Researchers 2023.