Securing Web Apps

Presented at HOPE 2020 Virtual Rescheduled, July 26, 2020, noon (240 minutes)

Participants will attack web applications with: command injection, SQL injection, cross-site request forgery, cross-site scripting, cookie manipulation, and server-side template injection. This workshop will also exploit Drupal and SAML. Participants will then implement network defenses and monitoring agents, using Burp, Splunk, and Suricata. https://wiki.hope.net/index.php?title=Securing\_Web\_Apps\_workshop

Presenters:

• Elizabeth Biddlecome
  **Elizabeth Biddlecome** is a consultant and instructor, delivering technical training and mentorship to students and professionals. She is a senior instructor for infosec and leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
• Sam Bowne
  **Sam Bowne** has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc.

Links:

• https://xiii.hope.net/hope2020/talk/AQTNVJ/

Similar Presentations:

• BSidesSF 2017 / Exploiting Broken Webapps
• DEF CON 30 (2022) / Securing Web Apps Workshop
• Diana Initiative 2019 / Exploiting Web Apps: Hands-On