Intro to Web Application Hacking – DVD for Sale and Free Stream Available

By
psytek
Published: April 5, 2010Posted in: classes, hackingTags: , , , , , ,
Intro to Web Application Hacking – DVD for Sale and Free Stream Available

Update [4/11/10 - 10:40PM] UPDATE BELOW
You will learn and practice finding and exploiting vulnerabilities in a sample web application that closely resembles those containing your personal information, credit card numbers and even medical history.

There will be a live video feed on the www.alphaonelabs.com homepage for those hacking along from home.  (To ensure your stream stays up, please use an additional computer.  We will be changing proxy settings and browser configuration.)

This is a hands on class (Learn and Play!), please bring a laptop with the following installed:

  • Linux
  • VirtualBox or a VM containing windows XP
  • IE6 or IE7 with these plugins: Fiddler, Tamper IE and Web Scarab
  • FireFox with these plugins: XSS Me, SQL Inject Me and Hacker Bar
  • **A one time use VM may be provided for attendees on premesis

We will cover the following points, what they are, why are they bad, how to test for them and how to prevent them:

  • SQL Injection
  • Cross Site Scripting
  • Insecure Platforms
  • Default Content
  • Information Disclosure

We’ll also learn about and how to test for:

  • Encryption and Encruption
  • Input Validation
  • Authentication Methods

We’ll also cover some additional topics such as:

  • Cookies – nom nom nom nom (Bring cookies! Or a sandwich, coffee or snack.  You may get hungry during the 2 hours)
    • What goes into a cookie?
    • What should be in a cookie?
  • Session Identifiers
  • The OWASP top 10
  • Web Application best Practices
  • How attackers leverage multiple vulnerabilities for successful attacks
  • How to spot vulnerable applications before you share your information with them

Update [4/11/10 - 10:40PM]
The class was awesome. We had 13 continuous viewers on the stream and about 75 visitors during the duration of the class. 23 people were in the chat, and about 17 people at the space.

Slides from the talk. http://docs.google.com/present/view?id=djx8t44_92d4cxn4hf

Recorded stream:

If you want a higher quality copy to keep, we’ve made available a DVD recording for a $20 donation:


hits:4767

Post to Twitter

About the Author

psytek Psytek is an inventor and engineer. He collaborates with other members of Alpha One Labs on unique projects including a tweeting Christmas Tree, laser controlled lights, a telepresence bot, 3D POV and the beginnings of a ground breaking flying saucer design.