Training 1

Web Application Security Lab


This training is based on the platform, providing an online lab with several hundreds of different security challenges.

Participants of this training will be granted access to several challenges in, where they can exercise their skills or learn with step-by-step instructions on how to exploit vulnerable web applications. After a common introduction, participants can select the desired difficulty level and solve the proposed challenges at their own pace, with the support of two trainers.

A virtual machine, including all required tools, is provided as working environment. Participants are required to bring their own laptop with the provided virtual machine image installed.

Table of content:

  • Global information about
  • Getting familiar with the setup
  • Details about the proposed challenges
  • Participants solve the challenges they desire with the support of the trainer

Audience type:

This training is open to anyone interested in ethical hacking in general and especially in Web security. Some basic knowledge about web applications and Linux is expected.


  • Participants are required to bring their own laptop and install a provided VM in advance
  • Network access via Ethernet (preferred) or Wi-Fi


 Antoine Neuenschwander (Compass Security Schweiz AG)

Antoine Neuenschwander
(Compass Security Schweiz AG)

Antoine Neuenschwander worked as a software engineer in the development of security products for several years before joining Compass Security in 2014 as a penetration tester and security analyst. His fields of expertise include web application security in general and authentication protocols in particular. Antoine Neuenschwander holds a MSc degree in Computer Science from the Swiss Federal Institute of Technology in Zurich.
 Alexandre Herzog (Compass Security Schweiz AG)

Alexandre Herzog
(Compass Security Schweiz AG)

Alexandre Herzog worked as system administrator and developer over 10 years in banks in Switzerland and abroad before joining Compass Security in 2010. His fields of expertise include Microsoft based technologies, from the operating system up to the C# code of (ASP).NET solutions. Alexandre is also interested in Web Security in general and is the author of several security advisories (Microsoft, SAP, AdNovum, United Security Providers, …). His most critical finding was a flaw in Micosoft's .NET framework, allowing remote code execution on various web applications ranging from SharePoint to OWA and many other ASP.NET applications.
Alexandre Herzog, now CTO of Compass Security, finished in 2013 his MAS studies in Information Security at the University of Applied Sciences of Lucerne. His master thesis consisted of an analysis of cryptographic mechanisms in Windows and .NET.


All supports and slides will be in english.
The speakers will talk in english or in french.


One session of a full day: from 8:45 to 12:00 and 14:00 to 17:30


There is a special price in bundle with the conferences:

  • Regular:  only CHF 50.- for the training,
    i.e. CHF 350.- for conference (CHF 300.-) + training 1 (CHF 300.-)
  • Student: only CHF 30.- for the training,
    i.e. CHF 130.- for conference (CHF 100.-) + training 1 (CHF 100.-)

Without conferences, for the full day:

  • Regular: CHF 300.-
  • Student: CHF 100.-