Web Penetration & Hacking Tools

Most security presentations to developers are a dry rehashing of the OWASP Top Ten: do this and don't do that, with terse snippets of code.

This session aims to be different in that the tools that are available to penetration testers (and hackers) will be demonstrated to show how a web application is attacked. Using the OWASP Top Ten as a guide, a combination of vulnerabilities will be used to attack a demonstration application. Two tools that will be highlighted are sqlmap and BeEF (Browser Exploitation Framework).

Target audience: Developers who want to be more security conscious

Assumed Knowledge: None

You will learn:

  • Recent events in security and hacking
  • Overview of OWASP 2013 Top Ten
  • Show how attacks are never a single issue, but a combination of vulnerabilities
  • See what a SQL Injection compromise really looks like
  • Demo: sqlmap
  • How easy it is to defeat weak password hashes
  • See why Cross Site Scripting (XSS) is a serious vulnerability
  • Demo: BeEF and Metasploit
  • See an attack on ColdFusion
  • Demo: Published Exploit Script
  • Quick overview of Web Application Firewalls and Web Vulnerability Scanners

October 16, 2014

10:15 am - 11:15 am
1 hour
Bristlecone 5
Security Architect