Web Application (In)Security

This is a cutting-edge, hands-on course aimed at hackers who want to exploit web applications, and developers who want to know how to defend them. The course is presented by the authors of the critically-acclaimed Web Application Hacker’s Handbook, and covers the entire process of hacking a web application, from initial mapping and analysis, probing for common vulnerabilities, through to advanced exploitation techniques.

Even the most capable hackers will be challenged and will find plenty to take away. We will also demonstrate the very latest hacking techniques developed over the past year.

Some highlights include:

  • Exploiting SQL injection using second-order attacks, filter bypasses, query chaining and fully blind exploitation
  • Breaking authentication and access control mechanisms
  • Reverse engineering Java, Flash and Silverlight to bypass client-side controls
  • Exploiting cross-site scripting to log keystrokes, port scan the victim’s computer and network, and execute custom payloads
  • Exploiting LDAP, XPath and command injection
  • Uncovering common logic flaws found in web applications

The course concludes with a catch-the-flag contest.

Attendees are expected to be familiar with core web technologies like HTTP and JavaScript.

Course Length:

Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.

What to bring:

Basic networking knowledge required. Understanding of programming languages (especially PHP, ASP and ASP.NET) preferred.

Participants are requested to bring their own laptops. No particular OS is required, but Windows, Linux or Mac is recommended.




Powered by SyScan © 2010 SyScan'10