Loading…
AppSec Europe 2014 has ended
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
Back To Schedule
Tuesday, June 24 • 14:00 - 18:00
Training room 1 - Java Web Hacking & Hardening

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

This one day hands-on workshop focuses on securing Java web applications against malicious hacker attacks. During the workshop a Java web application (written specifically for this workshop) with lots of vulnerabilities is examined, exploited, and secured. We will start with common vulnerabilities found in web applications: Authentication bypasses, different flavours of XSS (reflected, stored, DOM-based), (blind) SQL-Injection, CSRF, Clickjacking, Command Injection, Path Traversals, SSRF, Session Attacks like Session Fixation, etc. and continue to more specialized security holes (covering XML like XXE Attacks and XPath Injections as well as REST-ful interfaces, JSON and WebSockets). Also prophylactic protection techniques are discussed like introducing protection tokens (e.g. OWASP’s CSRFGuard) as well as adding several security headers (CSP and more) and considering encryption techniques.

Speakers
avatar for Christian Schneider

Christian Schneider

Whitehat Hacker, Christian Schneider
Christian has pursued a successful career as a freelance Java software developer since 1997 and expanded it in 2005 to include the focus on IT security. His major areas of work are penetration testing, security architecture consulting, and threat modeling. As a trainer, Christian... Read More →


Tuesday June 24, 2014 14:00 - 18:00 BST
LAB111

Attendees (1)