Skip to content

polina-munoz/black-hoodie-bay-area-2018

Repository files navigation

black-hoodie-bay-area-2018

[BHBA18] Web Application Security Workshop

Goal of workshop: Basics of web application security and explore common web attacks. At the end of the course you will have understood the concept, exploited and learnt to fix - XSS, CSRF and SQL injection. You will also get an opportunity to dabble in more esoteric attacks like XXE and SSRF on the second day.

Day 1:

  • Theory - CIA model, HTTP, DOM, Cookies, Same Origin Policy, HTTP Methods, HTTP Headers and CORS
  • Attacks - CSRF*, SQLi*, Command Injection, Broken session management*, Insecure Direct Object Reference*, Missing function access control, Logic Errors*

Day 2:

  • Attacks - Reflected XSS*, Stored XSS*, DOM XSS*, CSP*, Vulnerability chaining, SSRF*, XXE*
  • Final task - Trying to get Mehbank pro*

Some Prerequisites

Resources:

About

🔮 [BHBA 2018] Web Application Security Workshop

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published