Secure Web Development (closed)

Presented at DeepSec 2015 „DeepSec No. 9“

This training shows you how to attack and defend websites from the perspective of a Web developer. As a long-time penetration tester and Web security trainer, Marcus will show you known and sometimes unknown attack techniques (and bugs).

DAY 1:
- Basic knowledge
-- HTTP, HTML, CSS, XML, and DOM
- Social Engineering and Information Disclosure
- Logical Flaws
- Same-Origin Policy
- Cross-Site Request Forgery
- Cross-Site Scripting
-- Reflective XSS
-- Stored XSS
-- DOM-based XSS
-- Self XSS
-- Mutation-based XSS
- Session Hijacking and Session Fixation

DAY 2:
- UI Redressing and Clickjacking
- File Inclusions and Path Traversal
- Remote Command and Code Execution
- SQL Injections
- Secure Coding
-- Fonts
-- DOCTYPE Switch
-- HTTP Parameter Pollution
-- Content Security Policy
-- Burp Suite
-- Security Requirements

WHAT STUDENTS SHOULD KNOW: You should know the basics about HTML, JavaScript, and SQL.

WHAT STUDENTS SHOULD BRING: Every participant needs an Internet connection and a laptop with Firefox. You will learn a lot - maybe you should bring some headache pills with you.

WHO SHOULD ATTEND: You should definitely attend if you are a Web developer. Depending on the level of knowledge, this workshop might also be interesting for penetration testers and security researchers (especially on day 2!).

Presenters:

  • Marcus Niemietz - 3curity GmbH
    Marcus Niemietz is a co-founder of 3curity and a security researcher at the Ruhr-University Bochum in Germany. He focuses on web security topics such as HTML5 and especially UI redressing. In 2012, Marcus published a book about UI redressing and clickjacking for security experts and web developers. Besides that, he works as a security consultant and gives security trainings for well-known companies. Marcus has spoken at a large variety of international conferences.
