*Understanding Web Vulnerabilities from a Penetration Testers Perspective*
Join us for the Women's Society of Cyberjutsu (WSC) Cybersecurity Workshop hosted from our Washington, DC location. This is a hands-on, practical workshop where you will put into practice those things you may have read or covered in a class. This is also a great way to keep your skills fresh if you’re a veteran.
Every workshop addresses beginner and advanced topic material. Beginners are encouraged to watch and learn as much as possible even though you may not have a clue. Exposure to new tools and techniques by watching will advance your learning process a lot quicker than trying to learn on your own. You will get to ask questions and see how it's done in the real world. Advanced attendees are encouraged to share and help answer "noob" questions as much as possible so everyone can learn from them.
The web has been evolving for the the last 20+ years. In that time people have gone from making static web pages in text and images, to ones that are more complicated with databases, scripting languages and style sheets. This has led to a merging of code and data, so much in fact that the browsers blur these aspects and sometimes don't even know what code is and what raw data is. If programmers don't validate the input of the users (or attackers) then the user may be able to take over control of the application and extract personal identifiable information (PII) from the back end database.
In this workshop we'll go over the basics of the web so you understand the background, then we will dive into some of the main areas that have become a problem in the past years. Each area section will be followed up with a hands on practice and tools to give some experience in how the given vulnerability can result in data loss.
2. History of the Web, and why it is such a mess ( lack of input validation)
3. Man in the Middle attacks and HTTPS
4. Cross Site Scripting (XSS)
5. SQL Injection
6. Social Networking attacks and URL obfuscation
7. Browser Plugins and Vulnerabilities Surrounding them
We are please to have Joshua Schroeder (aka JoshInGeneral) present this workshop. Josh currently works as a Linux Administrator in the Washington DC Area for the federal government. He has a Masters degree from UNC Charlotte with a Concentration in Security and Privacy, where he founded of the 49th Security Division and was a two time winner of the South East Collegiate Cyber Defense Competition. He's done work for the military and private sector in the areas of web penetration testing, network security and defense R&D, as well as runs his own business doing web development and network setups.
In the last year he has taken up conference speaking engagements in the area of web security such as this one. In his free time he enjoys playing FPS's, Swimming, Traveling, and Scripting.
- You must bring your own laptop.
- Must be installed with Virtualbox.
- Download the Backtrack virtual machine here, extract and load in Virtualbox. Download version 5r3, Gnome, 32/64bit, VMware. 64bit will default to an ISO image.
- Instructions here
- Knowledge of basic networking and IT.
- Good attitude, willingness to learn and share.
If you are attending remotely you must register on the website.Once registered, you’ll receive the meeting participation info by email the day before the workshop. Please have a working webcam/mic. Expect to join 15-30 minutes prior to test your technical configurations.
Onsite - $20, Remote - $5
We only have room for 24 onsite so register early.
Refunds are offered if:
- The workshop is cancelled
- You cancel at least 1 day before the workshop; by 1000am Friday (7/12) morning
Use front door. POC:[masked]
Earn CPE's towards your certification
Food & beverages are provided