Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
View analytic
Monday, June 23 • 14:00 - 18:00
Training room 4 - MDSec's Web Application Hacker's Handbook, Live Edition

Sign up or log in to save this to your schedule and see who's attending!

The course follows the chapters of the Second Edition of The Web Application Hacker's Handbook, with strong focus on practical attacks (there are only 136 slides in either of the 2 or 3 day courses). After a short introduction to the subject we delve into common insecurities in logical order:



  • Introduction to Web Application Security Assessment (Chapters 1-3)



  • Automating Bespoke Attacks: Practical hands-on experience with Burp

    Suite (Chapter 13)



  • Application mapping and bypassing client-side controls (Chapters 4-5)



  • Failures in Core Defense Mechanisms: Authentication, Session

    Management, Access Control, Input Validation (Chapters 6-8)



  • Injection and API flaws: (Chapters 9-10)


  • User-to-User Attacks (Chapters 12-13)



Attendees will gain theoretical and practical experience of:



  • How to quickly and efficiently pinpoint and exploit vulnerabilities in web applications



  • How to hack using LDAP, XPath, SOAP, HTTP Parameter Pollution (HPP), and HPI



  • Real-world, 2012 techniques in SQL Injection against Oracle, MySQL and MSSQL



  • The real risk: how to turn XSS/CSRF vulnerabilities into full account compromise



  • Harnessing new technologies such as HTML5, NoSQL, and Ajax



  • New attack types and techniques: Bit Flipping, Padding Oracle, Automated

    Access Control checking


  • How to immediately recognise and exploit Logic Flaws



For more detailed information about the course's practical structure, see the Web Application Hacker's Methodology chapter from the original version of the book.

To see the practical exercises, in action, please visit:

http://www.mdsec.net/labs/demo.html 

Speakers
MP

Marcus Pinto

Marcus Pinto is a Director of MDSec and co-author of the Web Application Hacker’s Handbook, with over 13 years’ experience in technical security assessment and 8 years’ experience in delivering technical security training for global audiences such as Blackhat, Hack in the Box, Hacker Halted, Syscan and 44con.


Monday June 23, 2014 14:00 - 18:00
LAB027

Attendees (4)