Intro to Web Application Hacking
Sunday, April 11, 2010 from 3:00 PM to 5:00 PM (EDT)
You will learn and practice finding and exploiting vulnerabilities in a sample web application that closely resembles those containing your personal information, credit card numbers and even medical history.
There will be a live video feed on the http://www.alphaonelabs.com homepage for those hacking along from home. (To ensure your stream stays up, please use an additional computer. We will be changing proxy settings and browser configuration.)
This is a hands on class (Learn and Play!), please bring a laptop with the following installed:
- VirtualBox or a VM containing windows XP
- IE6 or IE7 with these plugins: Fiddler, Tamper IE and Web Scarab
- FireFox with these plugins: XSS Me, SQL Inject Me and Hacker Bar
- **A one time use VM may be provided for attendees on premesis
We will cover the following points, what they are, why are they bad, how to test for them and how to prevent them:
- SQL Injection
- Cross Site Scripting
- Insecure Platforms
- Default Content
- Information Disclosure
We'll also learn about and how to test for:
- Encryption and Encruption
- Input Validation
- Authentication Methods
We'll also cover some additional topics such as:
- Cookies - nom nom nom nom (Bring cookies! Or a sandwich, coffee or snack. You may get hungry during the 2 hours)
- What goes into a cookie?
- What should be in a cookie?
- Session Identifiers
- The OWASP top 10
- Web Application best Practices
- How attackers leverage multiple vulnerabilities for successful attacks
- How to spot vulnerable applications before you share your information with them
This class will be recorded and distributed on DVD for a donation and available for free streaming online.