Hacking Modern Web apps with RCE and Prototype Pollution


Details
Speaker: Abraham Aranguren, Founder, Managing Partner, 7ASecurity
Topic: Hacking Modern Web apps with RCE and Prototype Pollution
Live stream: https://www.twitch.tv/owaspoc
Abstract:
If you are the kind of person who enjoys webinars with practical information that you can immediately apply when you go back to work, this webinar is for you, all action, no fluff :)
“Hacking Modern Web apps: Master the Future of Attack Vectors” is a web security course that provides you with case studies from real-world vulnerable applications as well as know-how and techniques to take your websec kung-fu to the next level. In this brief 60-minute webinar we will explain what the course covers and give you a few lab samples covering the following topics:
● RCE options against Node.js applications
● Introduction to Prototype Pollution
● Prototype Pollution attacks in practice
Attendees will be provided with training portal access to practice the attack vectors covered. This includes lifetime access to a training portal, vulnerable apps to practice, guided exercise PDFs and a video recording explaining how to solve the exercises.
Come and join us for this 60-minute hacking session, we’re sure you’ll leave with a thirst for more!
Cannot make it? For free access to the slides, vulnerable apps to practice with and the recording, please visit:
https://store.7asecurity.com/collections/free/products/workshop-web-apps
Speaker Bio:
After 13 years in itsec and 20 in IT, Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Creator of “Practical Web Defense” - a hands-on eLearnSecurity attack / defense course (www.elearnsecurity.com/PWD), OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications
LinkedIn: https://www.linkedin.com/in/abrahamaranguren/
Company website: https://7asecurity.com
LinkedIn: https://www.linkedin.com/company/7asecurity/
Twitter: https://twitter.com/7asecurity
Synopsys has donated two gift cards to be raffled off at the end of the meeting. A raffle entry form will be published during the meeting.
NOTE: Due to the continuing health concerns relating to the spread of the coronavirus disease (COVID-19), we will be meeting virtually until further notice.
