AppSec Europe 2014 has ended
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
Tuesday, June 24 • 14:00 - 18:00
Training room 1 - Java Web Hacking & Hardening

This one-day hands-on workshop focuses on securing Java web applications against malicious hacker attacks. During the workshop, a Java web application with lots of vulnerabilities (written specifically for this workshop) is examined, exploited, and secured. We will start with common vulnerabilities found in web applications: authentication bypasses, different flavours of XSS (reflected, stored, DOM-based), (blind) SQL injection, CSRF, clickjacking, command injection, path traversals, SSRF, session attacks like session fixation, etc., and continue to more specialized security holes (covering XML issues like XXE attacks and XPath injections as well as RESTful interfaces, JSON and WebSockets). Prophylactic protection techniques are also discussed, such as introducing protection tokens (e.g. OWASP's CSRFGuard), adding several security headers (CSP and more), and considering encryption techniques.

Christian Schneider

Whitehat Hacker, Christian Schneider
Christian Schneider (@cschneider4711) has been writing software since the nineties, has worked as a freelance software developer since 1997, and has focused on Java since 1999. Aside from the traditional software engineering tasks, he supports clients in the field of IT security. This includes penetration...

Tuesday June 24, 2014 14:00 - 18:00