addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscontroller-playcrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgooglegroupshelp-with-circleimageimagesinstagramFill 1linklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1ShapeoutlookpersonJoin Group on CardStartprice-ribbonprintShapeShapeShapeShapeImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruserwarningyahoo

Web Penetration and Hacking Tools

  • Oct 16, 2013 · 6:30 PM
  • Vertex Pharmaceuticals

Meeting Description

ColdFusion and security expert David Epler will be giving this talk at the CF Summit conference and has agreed to preview it with the Boston CFUG!
Most security presentation to developers are a dry rehashing of OWASP Top Ten; do this and don't do that with terse snippets of code. This session aims to be different in that the tools that are available to penetration testers and hackers will be demonstrated to show how a web application is attacked. Using the OWASP Top Ten as a guide, a combination of vulnerabilities will be used to attack a demonstration application. Several tools will be highlighted: sqlmap, BeEF (Browser Exploitation Framework), Metasploit, and just a web browser. 

• Recent events in security and hacking

• Overview of OWASP 2013 Top Ten 

• Show how attacks are never a single issue, but combination of vulnerabilities 

• See what SQL Injection and password compromise really look like

• See why XSS is a serious vulnerability

• See authentication bypass in action

• Quick overview of Web Application Firewalls and Web Vulnerability Scanners. 

About the Speaker

David Epler is a Software Architect with AboutWeb in Rockville, MD. As a member of AboutWeb's solutions team, he has built, deployed, and maintained systems compliant with the most demanding regulations and mandates needed to pass security certification and accreditation for Federal Government clients. He has been developing with ColdFusion since version 4 and is an active member of the ColdFusion community. David has contributed to several open source ColdFusion projects and frameworks, along with the blog he maintains ( He was responsible for creating and maintaining Unofficial Updater 2  which makes patching ColdFusion 8 and 9 significantly easier before the Hotfix installer was introduced in ColdFusion 10. He also contributed the Security chapter for Learn CF in a Week. David has been a speaker at various user groups and conferences like cf.Objective(), CFUnited, RIACon, and Adobe Government Technology Summit. He also co-manages the Capital Area Cyber Security User Group in the DC Area ( 

Refreshments (pizza, soft drinks) will start at 6:30 and the talk will start at 7:00. Beers afterwards down the street at the Atlantic Beer Garden or the Whiskey Priest.

When you RSVP: If your Meetup profile name is not your full (First and Last) name, please provide your full name with your response. We'll need those to provide a list to building security on the day of the meeting. Thanks!

Note about parking/public transportation:  One Marina Park Drive is located on the South Boston Waterfront, between the Moakley Courthouse and the Institute of Contemporary Art (ICA). Some on-street parking is available near the building (on Seaport Boulevard & Northern Ave). The meters on Seaport Blvd stop at 6 pm, the ones on Northern Ave at 8 pm. There are also several parking lots in the area which charge ~$12-$15. Otherwise you can get there via the T (Silver Line SL1 Courthouse stop), theNumber 4 bus (Courthouse stop), or a 10 minute walk from South Station.

Join or login to comment.

  • A former member
    A former member

    So sorry -- I never actually posted the recording for this meeting. Here it is (finally)!

    April 30, 2014

  • A former member
    A former member

    Here is the slide deck for this meeting

    I'll post the Connect recording url soon.

    October 30, 2013

  • shmoo

    This session was very informative.

    October 21, 2013

  • Dan

    Yeah so not exactly sure what happened except I completely spaced even after changing my schedule to go. Are there notes that are viewable??

    October 17, 2013

    • A former member
      A former member

      for some reason there were a good number of no-shows. You all missed a great preso, though! I did record the Connect session so I'll post the link to the recording as soon as I figure out how to change the permissions on it. David is also going to send me a link to the slides which I'll share.

      October 17, 2013

    • Dan

      Excellent. It has been an insane few weeks and I think its catching up with me.

      October 17, 2013

  • Craig L.

    Would love to go, but I will be down in NC for training. This would have been a great one to attend!

    October 1, 2013

  • A former member
    A former member

    The last free pass to Web Unleashed will also happen at this meeting!

    1 · September 26, 2013

10 went

Our Sponsors

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy