Penetration Testing & Ethical Hacking Workshop:
The workshop uses a deliberately vulnerable hosted web application (a WordPress blog) that enables an attacker to perform a number of exploits, permitting access to both the application itself and the underlying operating system.
Techniques that will be illustrated include:
Cross-Site Scripting (XSS, stored and reflected)
SQL Injection (authentication bypass, credential dumping)
Directory Traversal (unauthorized filesystem access)
Password hash cracking (JTR)
If there is time (cannot say for sure yet), I would also really like to demonstrate the effectiveness of a low-bandwidth denial of service tool for web servers called Slowloris: http://ha.ckers.org/slowloris/ There are a number of characteristics that make this a novel DoS utility, while staying very simple to use.