Intro to Hacking Web Applications (That Conference 2019)

July 31, 2019 20:58

Did you watch the 6 o’clock news this week? Cybersecurity is constantly making headlines, and nearly every day we hear about some major hack or new data breach. But what does that have to do with your website or web application?

The vast majority of cyber attacks against a web application are relatively easy to defend -- yet most applications remain vulnerable. In fact many developers aren't even aware of how simple these attacks are to execute. Spoiler alert: it's really, really easy.

During this day-long workshop we'll use a variety of tools (including Kali Linux) to hack a vulnerable web application written in Node.js, Express and Angular. We'll cover a variety of approaches to how attackers exploit web applications: everything from XSS and SQL injections, to Metasploit and Burp, and lots of other hacking tricks.

Be prepared to learn, laugh and cry as we explore security flaws common to most web applications. You’ll leave this workshop with hands-on experience in penetration testing methodology, a deep understanding of the current OWASP best practices, and a broad appreciation for cybersecurity.

If you can’t protect your web applications from hackers, who will?

OWASP Juice Shop is probably the most modern and sophisticated insecure web application, and is frequently used in security trainings, awareness demos, CTFs and as a guinea pig for security tools. We're going to spend the majority of our day learning about the various styles of cyber attacks against web applications -- and then applying that knowledge to hack the Juice Shop application. Time permitting, we will dive into a variety of tools -- Kali Linux and Burp come to mind, but those will be supplementary to our discussion.

speaker

Arthur Kay

arthurakay
