Hack7: Security and Gateways in Web Applications

Vulnerabilities in web applications are a popular target for hackers, as they often make it possible to steal confidential data and penetrate further into the company network. During this two-day workshop, participants learn how hackers break into web applications and what risks applications may be exposed to. The training course presents the most common attacks in theory and practice. The objective is that, by the end of the second training day, participants can personally carry out attacks on a web application specially created for this purpose.

Topics

Cross-site scripting (XSS)

  • Attacks on session information, phishing and defacing

Cross-site request forgery (XSRF)

SQL injection

OS command injection

Local/remote file inclusion (LFI/RFI)

  • Server attacks with your own program code

Session management

  • Getting to know session management
  • Taking over other users' sessions
  • Understanding cookies and exploiting flaws
  • Password-guessing attacks

Cookies

  • What to observe when generating and using (session) cookies

Browser Security Mechanisms

  • Same Origin Policy
  • Cross-Origin Resource Sharing

CAPTCHA

  • Impeding automated attacks and identifying weaknesses in protection measures

Exercises

  • Deepening knowledge of the topics through practical exercises
  • Independent analysis of a complete web application

Technical requirements

Basic knowledge of HTML, HTTP and SQL

Duration

Two days