Web Application Security 101 Workshop
This workshop is an introduction to attacking web applications. Attendees are placed in the position of an attacker and guided through an attack chain in order to break into a targeted web application. The goal of this workshop is to gain first experience from an attacker's perspective, understand the security implications of bad design decisions, and develop ideas on how to subvert security and access controls.
This workshop is meant as an introduction to attacking web applications, and no prior knowledge is required to step into the shoes of an attacker in this course. A common base to start from is therefore laid out in the form of a short introduction to the basic terms and technology components that are important when dealing with web applications. Afterwards, the target application is introduced and all attendees are guided through an attack chain in order to compromise it. By the end of this course, all attendees will have gained hands-on experience with attacking a web application, identified vulnerabilities, and exploited them to gain privileged access to the target application.
- Introduction and Goals
- Web Application Attack Surface
- Attack scenario and preparation
- Start of the attack: Information Gathering
- Understanding the target: Identification of Weaknesses
- Getting Access: Exploitation
- Analysis of found and exploited vulnerabilities
- Outro, Recap and Q&A