Application Security, Basic, Intermediate, Advanced
Presented by: Bill SempfTime: Wednesday, Jan. 08, 8:00 AM - 12:00 PM
Bill will be joining us to teach a dynamic course to help us think like an attacker and give us all the coding tips we need to stop them cold in their tracks. Even the most experienced developers are sure to pick up some new tips and tricks. This hands-on half-day workshop will have something for everyone. Before we start, there will be some setup for labs and tools – so plan some time in advance and bring your Windows, Macintosh, or Linux laptop!
We will cover problems and solutions as they relate to application security and principles of application security
Demo a purposefully vulnerable web application, and work with tools. Then we will cover some specifics, at a pace for everyone!
Authentication: Covers all aspects of secure authentication, including building secure login screens, password storage, secure interactions between sites, and an overview of many other topics.
Injection: SQL, command, LDAP injection, just to name a few. Sending your commands to a backend system
Browser attacks: Finding and exploiting cross site scripting vulnerabilities
It will be easier if you bring a basic understanding of HTTP protocols and web applications. Set up the Juice Shop application with instructions from the precompiler site. Install Burp Suite Community Edition from Portswigger.