AppSec Europe 2014

This one day hands-on workshop focuses on securing Java web applications against malicious hacker attacks. During the workshop a Java web application (written specifically for this workshop) with lots of vulnerabilities is examined, exploited, and secured. We will start with common vulnerabilities found in web applications: Authentication bypasses, different flavours of XSS (reflected, stored, DOM-based), (blind) SQL-Injection, CSRF, Clickjacking, Command Injection, Path Traversals, SSRF, Session Attacks like Session Fixation, etc. and continue to more specialized security holes (covering XML like XXE Attacks and XPath Injections as well as REST-ful interfaces, JSON and WebSockets). Also prophylactic protection techniques are discussed like introducing protection tokens (e.g. OWASP’s CSRFGuard) as well as adding several security headers (CSP and more) and considering encryption techniques.