It is found that Javascript is disabled in your browser.
Please enable Javascript, or you cannot get access to Registration page.



Workshop 10 - Advanced Webapp Pentest Kungfu

Speaker: Mr. Anthony Lai


HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
Date: 11 - 12 Oct 2018 (2 days)


09:30 - 17:00
Non-member Fee
HK$6,600 (Early Bird: HK$6,400)
Member Fee for Organizer/Supporting Organization HK$6,400 (Early Bird: HK$6,200)

Medium of Instruction

Cantonese with handout in English

Nature & Objectives

We have already carried out Pentest Kungfu Part 1 about OWASP Top 10 and basic tricks and skills in both network and web application penetration test. We would like to present a little bit advanced on topic related to Cryptography, development framework and train you up with some mini-war games.

Basics of cryptography will be briefed but most of the time we will brief about tricks and attack on systems depending on crypto and hash in their authentication and session.

Meanwhile, we will cover some common flaws of the development framework.

In addition, it would be a practical session to play in group to review what you have learnt in OWASP Top 10 and tricks via CTF (Capture The Flag) game.

This is the course for people have understood Pentest Kungfu part 1 from us or/and well understand OWASP Top 10.

Course Outline

  • OWASP Top 10 Quick Review
  • Intermediate level and advanced techniques in XSS and SQL Injection
  • Development Framework vulnerabilities
  • Web security test technique with crypto
  • CTF game to test your skills

Who Should Attend

The target audience is for anyone who would like to get familiar with Web application penetration test, especially for those who are IT auditors or those who are system administrator/software developers as they could apply the learnt skills to test/audit the systems. It is also good for people who would like to transform themselves into penetration tester.

Requirement for Participant

Each participant is required to bring a laptop with Kali Linux VM 64 bit installed, and power cord. Participants must complete the installation of Kali Linux VM 64 bit(Version 2018.2) in Vmware Player or VirtualBox before the workshop.


Mr. Anthony Lai
Valkyrie-X Security Research Group (VXRL)

Mr. Anthony Lai | Information Security Summit 2018 | align=

Researcher, Valkyrie-X Security Research Group (VXRL)

Anthony Lai who has hybrid experience in application development, code security, penetration test, threat analysis and audit areas for 14 years. He has done vulnerability assessment, penetration, IT audit and training for government and various corporates. He is now a lead consultant and threat advisor of several MNCs. He acts as a researcher in Knownsec for Web security.

Anthony has spoken in Blackhat USA 2010, DEFCON 18-20, AVTokyo 2011-2012, 2013.5, HITCON 2010-2011 as well as Codegate 2011. He has set up a security research group called VXRL ( in Hong Kong, which connects various whitehats and security researchers.

He is a SANS GWAPT, GREM and GCFA holder.

Copyright © 2019 Hong Kong Productivity Council. All Rights Reserved.