This training introduces and details Office 365 through presentation, challenges and discussions around 150+ bounty award winning bugs. No pre-requisite in terms of knowledge about Office 365 is needed. At the end of the training, the participants will have a solid understanding of the Office 365 in general while SharePoint in particular and XSS vulnerability research in Office 365.

The main objective of this training is to train participants so that they can find XSS bugs in Office 365's umbrella applications easily. The technical details and the thought process leading up to this objective will be discuss. Please keep in mind that Microsoft follows Secure Development Life-cycle (SDL) along with internal and external pentests and audits and Office 365 is a security-hardened service. Last but not the least, after this training, participants will start looking at XSS in real world targets like a pro.

This course assumes that the student already has some basic understanding of HTML and JavaScript. Students will need to bring a laptop and a mobile to the class. Further, student should feel comfortable in using a proxy like Burp Suite.

Ashar Javed

Security Researcher, Hyundai AutoEver Europe



Ashar Javed works on penetration testing, source code review and mobile application vulnerability assessments at Hyundai AutoEver Europe GmbH. He has spent three years as a security researcher for Ruhr-Universitt Bochum, Germany. Ashar holds a PhD degree from Ruhr-Universitt Bochum and MSc from Technische Universitt Hamburg-Harburg, Germany. His research interests include web application vulnerabilities and in particular Cross-Site Scripting.



Ashar delivered talks at main security events like Black Hat Europe 2014, HITB KL 2013, OWASP Spain (2014, 2015 & 2016), SAP Product Security Conference 2015, International PHP Conference 2015, ISACA Ireland 2014, RSA Europe (OWASP Seminar) 2013, DeepSec, Austria (2013, 2014, 2015 and 2018), and GISEC, Dubai 2016. In his free time, he likes to participate in bug bounty programs. Recently, Microsoft has recognised Ashar as No. 1 security researcher in Microsoft's Security Response Center (#MSRC) Top 100 security researchers list of 2018.

