A practical introduction to web application security

Type: Workshop (120 mins)
Location: Workshop Room (Room 316B)
Time: 14:30
Abstract: 

Please note the following requirements for this workshop:
Required software:
- Windows (to run the following software)
- Visual Studio 2015
- A reasonably capable text editor (Notepad++ recommended)
- Firefox (for the "Edit and Resend" network feature)

If you do not have a Windows machine that you can bring on the day, we will have some lab computers running Windows available; however, they are not the fastest machines and may be an unfamiliar environment to you. Please keep this in mind!

Do you have what it takes to be a security researcher? What about just a plain old developer? As more of our lives take place in the cloud, developers are increasingly likely to find themselves coding in a cloud-first environment where, in the wake of ever more breaches, security is taking center stage.

In this workshop, you will be given hands-on experience finding, exploiting and fixing a number of application-level vulnerabilities, including SQL injection, cross-site scripting and faulty secret generation. We will work through how to identify each vulnerability externally (as a hacker) as well as internally (as a code reviewer) and examine strategies to detect, mitigate, and resolve these vulnerabilities.

Presenters: James Venning, Nicholas Daniels