Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more
Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this hands-on training!
To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and doing manual/semi-automated analysis, then this hands-on training is for you.
After completing this training, you will have learned about:
- tools/techniques for effective hacking of web applications
- non-standard XSS, SQLi, CSRF
- RCE via serialization/deserialization
- bypassing password verification
- remote cookie tampering
- tricky user impersonation
- serious information leaks
- browser/environment dependent attacks
- XXE attack
- insecure cookie processing
- session related vulnerabilities
- mixed content vulnerability
- SSL strip attack
- path traversal
- response splitting
- bypassing authorization
- file upload vulnerabilities
- caching problems
- clickjacking attacks
- logical flaws
- and more…
If you want to know what students from Oracle, Adobe, ESET and other companies say about this training, then visit this page to learn more.
To get the most out of this training, basic knowledge of web application security is needed. Students should have some experience in using a proxy, such as Burp, or similar, to analyze or modify the traffic.
Students will need a laptop with a 64-bit operating system, at least 4 GB RAM (8 GB preferred), 35 GB free hard drive space, USB and Ethernet ports, administrative access, the ability to turn off AV/firewall, and VMware Player installed (64-bit version).
Dawid is founder and CEO at Silesia Security Lab, which delivers specialized security auditing and training services. He also works as Security Architect at Future Processing.
Dawid shares his security bug hunting experience in his hands-on training "Hacking web applications - case studies of award-winning bugs in Google, Yahoo, Mozilla and more". He delivered security trainings/workshops at Hack In The Box (Amsterdam), CanSecWest (Vancouver), DeepSec (Vienna), Hack In Paris (Paris) and for many private companies. He also spoke at Security Seminar Series (University of Cambridge) and published over 20 security articles (InfoSec Institute).
Mon. 5 - 6 October 2015 (09:00 - 17:00)