Difference between revisions of "Securing Web Apps workshop"

From HOPE Wiki
Jump to: navigation, search
(Created page with "Participants will attack Web applications with: command injection; SQL injection; Cross-Site Request Forgery; Cross-Site Scripting; cookie manipulation; and Server-Side Templa...")
 
(add HOPE2020 video)
 
Line 21: Line 21:
  
 
Visit [https://samsclass.info/ samsclass.info] to access the workshop materials.
 
Visit [https://samsclass.info/ samsclass.info] to access the workshop materials.
 +
 +
== Video ==
 +
A video of the workshop is available on the 2600 YouTube channel:<br>
 +
https://www.youtube.com/watch?v=XtFz4PcXoRg

Latest revision as of 19:24, 23 December 2020

Participants will attack Web applications with: command injection; SQL injection; Cross-Site Request Forgery; Cross-Site Scripting; cookie manipulation; and Server-Side Template Injection. We will also exploit Drupal and SAML. We will then implement network defenses and monitoring agents. We will use Burp, Splunk, and Suricata.

Prerequisites: participants should know basic security and networking. Experience with Web development is helpful but not necessary.

The workshop is structured in a CTF format. Each participant works at their own pace. The techniques will be demonstrated, with complete step-by-step instructions to lead beginners through the easy challenges. There are also harder challenges for more experienced participants. We will help participants as needed, to ensure that everyone learns new techniques.

Participants need a credit card (which won't be charged) to reserve a free Google Cloud server. All the tools we will use are freely available, and all the training materials will remain available to everyone after the workshop ends.

Visit samsclass.info to access the workshop materials.

Video

A video of the workshop is available on the 2600 YouTube channel:
https://www.youtube.com/watch?v=XtFz4PcXoRg