Hack7: Web Application Hacking

Topics

Cross-site scripting (XSS)

• Taking over user sessions
• Privilege escalation
• Pasword theft

Cross-site request forgery (XSRF)

SQL injection

OS command injection

Local/remote file inclusion (LFI/RFI)

• Server attacks with your own program code

Session management

• Getting to know the session management
• Taking over of external sessions
• Understanding of cookies and exploitation of flaws
• Password-guessing attacks

Cookies

• What should be observed during generation and use of (session) cookies?

Browser security

• Same-Origin Policy
• Cross-Origin Resource Sharing

CAPTCHA

• Automated attacks and identification of weaknesses in protection measures

Exercises

• Deepening the learning content by practical exercises of all topics
• Independent analysis of a complete web application
• Deserialization attacks

Technical requirements

Basic knowledge of HTML, HTTP and SQL

Duration

Two days