AppSec Europe 2014 has ended
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days

Monday, June 23
 

09:00 BST

Training room 4 - MDSec's Web Application Hacker's Handbook, Live Edition
The course follows the chapters of the Second Edition of The Web Application Hacker's Handbook, with a strong focus on practical attacks (there are only 136 slides in either of the 2 or 3 day courses). After a short introduction to the subject, we delve into common insecurities in logical order:

  • Introduction to Web Application Security Assessment (Chapters 1-3)
  • Automating Bespoke Attacks: Practical hands-on experience with Burp Suite (Chapter 13)
  • Application mapping and bypassing client-side controls (Chapters 4-5)
  • Failures in Core Defense Mechanisms: Authentication, Session Management, Access Control, Input Validation (Chapters 6-8)
  • Injection and API flaws (Chapters 9-10)
  • User-to-User Attacks (Chapters 12-13)

Attendees will gain theoretical and practical experience of:

  • How to quickly and efficiently pinpoint and exploit vulnerabilities in web applications
  • How to hack using LDAP, XPath, SOAP, HTTP Parameter Pollution (HPP), and HPI
  • Real-world, 2012 techniques in SQL Injection against Oracle, MySQL and MSSQL
  • The real risk: how to turn XSS/CSRF vulnerabilities into full account compromise
  • Harnessing new technologies such as HTML5, NoSQL, and Ajax
  • New attack types and techniques: Bit Flipping, Padding Oracle, Automated Access Control checking
  • How to immediately recognise and exploit Logic Flaws

For more detailed information about the course's practical structure, see the Web Application Hacker's Methodology chapter from the original version of the book.

To see the practical exercises in action, please visit:

http://www.mdsec.net/labs/demo.html 

Speakers

Marcus Pinto

Marcus Pinto is a Director of MDSec and co-author of the Web Application Hacker’s Handbook, with over 13 years’ experience in technical security assessment and 8 years’ experience in delivering technical security training for global audiences such as Blackhat, Hack in the Box...


Monday June 23, 2014 09:00 - 13:00 BST
LAB027

14:00 BST

Training room 4 - MDSec's Web Application Hacker's Handbook, Live Edition

Speakers
Marcus Pinto



Monday June 23, 2014 14:00 - 18:00 BST
LAB027
 
Tuesday, June 24
 

09:00 BST

Training room 4 - MDSec's Web Application Hacker's Handbook, Live Edition

Speakers
Marcus Pinto



Tuesday June 24, 2014 09:00 - 13:00 BST
LAB027

14:00 BST

Training room 4 - MDSec's Web Application Hacker's Handbook, Live Edition

Speakers
Marcus Pinto



Tuesday June 24, 2014 14:00 - 18:00 BST
LAB027
 
Wednesday, June 25
 

10:00 BST

Capture the Flag (Day 1 AM)
Volunteers

Wednesday June 25, 2014 10:00 - 13:30 BST
LAB027

13:30 BST

Capture the Flag (Day 1 PM)
Volunteers

Wednesday June 25, 2014 13:30 - 20:30 BST
LAB027
 
Thursday, June 26
 

08:00 BST

Capture the Flag (Day 2 AM)
Volunteers

Thursday June 26, 2014 08:00 - 13:30 BST
LAB027

13:30 BST

Capture the Flag (Day 2 PM)
Volunteers

Thursday June 26, 2014 13:30 - 16:00 BST
LAB027
 