Professionally Evil Application Security


The Professionally Evil Application Security (PEAS) course is designed to teach developers, IT professionals, and penetration testers of all skill levels. This course focuses on the techniques used to assess and exploit applications, including web and mobile applications, APIs, and HTTP-based systems. We combine these techniques with explanations of the risks exposed and defenses required to improve the security of your organization.

The course uses a large number of hands-on exercises to reinforce the techniques and understanding an attendee will gain so that they benefit on the very first day back to work.  The course focuses on manual techniques for discovery and exploitation while teaching an industry-standard methodology of reconnaissance, mapping, discovery, and exploitation. This methodology provides a comprehensive standard for assessing applications and APIs.

Students use the SamuraiWTF project environment to learn both attacks and defenses while in class. This environment provides realistic targets and tools, which enable attendees to understand how the techniques taught are used in the real world.

The course finishes with a capture-the-flag (CTF) event.  In this event, attendees assess and exploit a modern organization’s application.  This capstone exercise is designed to pull together all of the knowledge, techniques, and exploits.

Completing this course meets all of the requirements for developer training as part of PCI-DSS.

Kevin Johnson

Chief Executive Officer

Kevin Johnson is the Chief Executive Officer of Secure Ideas and has a long history in the IT field, including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute. Kevin is also very involved in the open source community. He runs a number of open source projects, including SamuraiWTF, Laudanum, and Yokoso.

Jason Gillam

Chief Information Officer

Jason Gillam is Chief Information Officer (CIO) at Secure Ideas and an IANS faculty member. He has over 20 years of industry experience in enterprise software development, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to Fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture. Jason co-built and managed an award-winning application security design and testing program at one of the world’s largest financial institutions. He has also provided numerous application security training and awareness briefings to large internal technical audiences and led the development of best-practice code and documentation for the same.