Exploiting Broken Webapps

Presented at BSidesSF 2017, Feb. 12, 2017, 1:30 p.m. (180 minutes)

Web applications can fail in a variety of ways, from Cross-Site Scripting to SQL Injection and more. Join us for a look at a variety of common web vulnerabilities, including Cross-Site Scripting, Cross-Site Request Forgery, Weak Authentication, Logic Errors, and more -- and an opportunity to test your web hacking skills against a simulated online bank. We'll be covering the vulnerabilities from the ground up, but a basic understanding of web applications (i.e., HTTP, HTML, and JavaScript) and browsers would be useful background.

Participants will need to bring a laptop. Prior experience with server-side programming and an understanding of how web apps are built is recommended.

Presenters:

• David Tomaschik
  David has been breaking software and playing CTFs for years before making security a profession. He currently works on the Security Assessments team at Google, looking at a range of issues from embedded devices to customer-facing products.
• Niru Ragupathy

Links:

• https://bsidessf2017.sched.com/event/9IMc/exploiting-broken-webapps

Similar Presentations:

• HOPE 2020 Virtual Rescheduled / Securing Web Apps
• BSidesSF 2016 / Exploiting Broken Webapps
• Diana Initiative 2019 / Exploiting Web Apps: Hands-On