Most security presentations to developers are a dry rehashing of the OWASP Top Ten: do this and don't do that, with terse snippets of code.
This session aims to be different: the tools available to hackers will be demonstrated to show how a web application is attacked. Using the OWASP Top Ten as a guide, a combination of vulnerabilities will be used to attack a demonstration application. Several tools will be highlighted: sqlmap, BeEF (Browser Exploitation Framework), Metasploit, and just a web browser.
- Recent events in security and hacking
- Overview of OWASP 2013 Top Ten
- Show how attacks are never a single issue, but a combination of vulnerabilities
- See what SQL Injection and password compromise really look like
- See why XSS is a serious vulnerability