Details

Penetration Testing & Ethical Hacking Workshop:

A deliberately vulnerable hosted web application (WordPress blog) that enables an attacker to perform a number of exploits, permitting access to both the application itself and the underlying operating system.

Techniques that will be illustrated include:

Cross Site Scripting (XSS, Stored and Reflective)

SQL Injection (authentication bypass, credential dumping)

Directory Traversal (Unauthorized filesystem access)

Password hash cracking (JTR)

If there is time (cannot say for sure yet), I would also really like to demonstrate the effectiveness of a low-bandwidth denial of service tool for web servers called Slowloris (http://ha.ckers.org/slowloris/). There are a number of characteristics that make this a novel DoS utility, while staying very simple to use.