Exploiting Broken Webapps

Presented at BSidesSF 2017, Feb. 12, 2017, 1:30 p.m. (180 minutes).

Web applications can fail in a variety of ways, from Cross-Site Scripting to SQL Injection and more. Join us for a look at a variety of common web vulnerabilities, including Cross-Site Scripting, Cross-Site Request Forgery, Weak Authentication, Logic Errors, and more -- and an opportunity to test your web hacking skills against a simulated online bank. We'll be covering the vulnerabilities from the ground up, but a basic understanding of web applications (i.e., HTTP, HTML, and JavaScript) and browsers would be useful background.

Participants will need to bring a laptop. Prior experience with server-side programming and an understanding of how web apps are built is recommended.


  • Niru Ragupathy
  • David Tomaschik
    David had been breaking software and playing CTFs for years before making security a profession. He currently works on the Security Assessments team at Google, looking at a range of issues from embedded devices to customer-facing products.

