Web Hacking Tools

Most security presentation to developers are a dry rehashing of OWASP Top Ten; do this and don't do that with terse snippets of code.

 

This session aims to be different in that the tools that are available to hackers will be demonstrated to show how a web application is attacked. Using the OWASP Top Ten as a guide, a combination of vulnerabilities will be used to attack a demonstration application. Several tools will be highlighted: sqlmap,  BeEF (Browser Exploitation Framework), Metasploit, and just a web browser.

 

  • Recent events in security and hacking
  • Overview of OWASP 2013 Top Ten
  • Show how attacks are never a single issue, but combination of vulnerabilities
  • See what SQL Injection and password compromise really look like
  • See why XSS is a serious vulnerability

 

Join or login to comment.

  • Kelly B.

    The slides for the meeting have been posted to the files section and I updated the recording page with link to tonight's meeting.

    2 · June 20, 2013

    • prasad c.

      Thanks Kelly for updating Recordings and slides

      June 20, 2013

    • Assogba G.

      Thanks for putting the slide up

      June 20, 2013

  • Alfred

    Thank you Kelly. :-D

    June 20, 2013

  • Derrik O.

    Consistently well structured

    June 19, 2013

  • Derrik O.

    Very insightful information. Also I watched it online and the microphones work perfectly thank you Kelly

    June 19, 2013

  • Anastasia

    For me the session was very informative, as well as motivating for further learning about OWASP and the tools presented. Thanks a lot!

    1 · June 19, 2013

  • Eugene R.

    Good information was presented.

    June 19, 2013

  • Yoshiyuki T.

    It's very helpful.

    June 19, 2013

  • Kay

    Sorry I have a scheduling conflict. Please let me know about the next one!

    June 19, 2013

  • Kelly B.

    I posted the recordings of previous meetings on http://www.meetup.com/Capital-Area-Cyber-Security/pages/Meeting_Recordings/

    The URL to attend the this meeting on-line is:
    http://adobechats.adobeconnect.com/capsec2013june/

    You miss out on the hands on activities and some of the group discussion when you attend on-line. I don't have a mic I can pass around for group discussions and we generally can't put the lab VMs out for download because we use vulnerable windows machines as targets and there are licensing restrictions.

    1 · June 18, 2013

    • prasad c.

      gr8. Thanks

      June 18, 2013

    • A former member
      A former member

      Thanks, Kelly.

      June 18, 2013

  • Denise

    I will attend the this meeting on-line

    June 18, 2013

  • prasad c.

    Can somebody post some recordings of events o this group meetups / can make this event live online, Because i'm from Bangalore, India and very much like to know about Web Security. I'm a web developer and cross platform mobile app developer and want to update to latest security standards.

    June 17, 2013

    • A former member
      A former member

      Where would the recordings be posted?

      June 17, 2013

    • prasad c.

      may be on youtube. generally we post there for android meetups that i use to attend or there are many other better alternatives though.

      June 18, 2013

  • Lisa

    Is there a way we can login and watch the presentation live? Unfortunately, I live too far away from Rockville, MD. Thanks very much!

    June 17, 2013

  • Aldo R.

    Will be provided with equipment? Or do we need to our own laptops and be given the VM?

    June 17, 2013

    • David E.

      We use the computers in the training room booted with a USB stick that has BackTrack and the VMs on it. No need to bring a laptop.

      June 17, 2013

    • Aldo R.

      Cool. Thanks

      June 17, 2013

  • Kris

    Is this a hands-on workshop, or a demo? I'll be there either way; I'm just trying to figure out how prepared I should be :-).

    June 17, 2013

    • Alfred

      There has always been a hands-on component. It has always comprised at least 50 percent of the time spent at the meet up. I don't know about this particular event, but it will probably follow the normal pattern. The organizers feel strongly about helping participants gain functional skills.

      June 17, 2013

    • Kelly B.

      There will be a hands on component. We provide virtual machines and will walk you through how to use the tool before the hands on component, so you shouldn't need to prepare. Teaching you how to use the tools is one of the goals of the user group.

      June 17, 2013

  • Assogba G.

    I will be there

    June 16, 2013

  • Alfred

    Looking forward to this meet up. Great people and useful skills.

    June 16, 2013

  • Alfred

    I am looking forward to meeting and learning.

    June 16, 2013

Our Sponsors

  • AboutWeb

    Capital Area Cyber Security User Group

People in this
Meetup are also in:

Create a Meetup Group and meet new people

Get started Learn more
Bill

I started the group because there wasn't any other type of group like this. I've met some great folks in the group who have become close friends and have also met some amazing business owners.

Bill, started New York City Gay Craft Beer Lovers

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy