Past Meetup

Review, Exploit and Learn from Vulnerable Web App

20 people went

Details

OWASP NZ (https://www.owasp.org/index.php/New_Zealand) Christchurch is hosting this event. Chris Campbell, Security & Operations Consultant from Jade, will be demonstrating his "Broken By Design (http://bytefog.blogspot.co.nz/2014/07/broken-by-design.html)" SQL Server-backed ASP.NET web application, walking through some of the OWASP Top 10 (https://www.owasp.org/index.php/Top_10_2013-Top_10) vulnerabilities he has baked in.

Chris will then open it up for more of a workshop-style segment where the group will move into compromising the web app in the form of SQLi, XSS and XSRF. We'll then compare the vulnerable areas with non-vulnerable areas, review the source code and discuss mitigation techniques.

Attendees MUST bring a laptop/device to use to carry out the exploitation. At a minimum, an HTTP proxy such as OWASP's ZAP (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) or Burp Suite (http://portswigger.net/burp/) will be required, or possibly (although with much less functionality) Firefox's Tamper Data. For taking the attacks further, BeEF (http://beefproject.com/) and/or the XSSF module (http://code.google.com/p/xssf/) with Metasploit would be handy, as would any other web penetration testing tools you're familiar with. Another option is to just bring a laptop/device with Kali (http://blog.binarymist.net/2014/03/29/up-and-running-with-kali-linux-and-friends/) installed, or boot into an instance from a USB stick.

Attendees, please register if you're coming. Places are limited due to the hands-on nature of this event.

Big thanks to Dimension Data (http://www.dimensiondata.com/en-NZ) for providing the venue, network, and internet access.

BinaryMist (http://binarymist.net) Limited will be providing food and drinks.