Exploiting Web Apps: Hands-On

Presented at Diana Initiative 2019, Aug. 10, 2019, 4 p.m. (60 minutes)

Learn attack techniques in a fun, CTF-style hands-on workshop. Participants will attack Web applications with command injections in Bash, PowerShell and ImageMagick; SQL injection; Cross-Site Request Forgery; Cross-Site Scripting; and cookie manipulation, and will exploit Drupal and SAML. We will also implement network defenses and monitoring agents. We will use Burp, Splunk, Snort, and simple Python scripts.

Prerequisites: participants should know basic security and networking. Experience with Web development is helpful but not necessary.

Students must have a computer with a Web browser and Java. For some projects you will need a Linux or Windows virtual or cloud machine.

All project instructions and materials are freely available online.


Presenters:

  • Elizabeth Biddlecome - Instructor, Part-Time at City College San Francisco
    Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
  • Sam Bowne - Instructor at City College San Francisco
    Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at RSA, DEF CON in Las Vegas, DEF CON China, HOPE, BSidesSF, BSidesLV, LayerOne, Toorcon, and many other schools and conferences. Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner
