DeepSec 2016 Workshop: Hacking Web Applications – Case Studies of award-winning Bugs in Google, Yahoo!, Mozilla and more – Dawid Czagan

Sanna/ September 2, 2016/ Conference, Internet, Security, Training

Have you been to the pictures lately? If so, what’s the best way to attack an impenetrable digital fortress? Right, go for the graphical user interface! Or anything exposed to the World Wide Web. The history of web applications is riddled with bugs that enable attackers to do things they are not supposed to. We bet that you have something exposed on the Web and probably don’t even know about it. Don’t worry. Instead, attend the DeepSec training session “Hacking Web Applications” conducted by Dawid Czagan. He will teach you what to look for when examining web applications with a focus on information security.

This hands-on web application hacking training is based on authentic, award-winning security bugs identified in some of the greatest companies (Google, Yahoo!, Mozilla, Twitter, etc.).

You will learn how bug hunters think and how to hunt for security bugs effectively. To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and doing manual/semi-automated analysis, then this hands-on training is for you.

After completing this training, you will have learned about:
– tools/techniques for effective hacking of web applications
– non-standard XSS, SQLi, CSRF
– RCE via serialization/deserialization
– bypassing password verification
– remote cookie tampering
– tricky user impersonation
– serious information leaks
– browser/environment dependent attacks
– XXE attack
– bypassing authorization
– file upload vulnerabilities
– and more …

You will be handed a VMware image with a specially prepared testing environment to play with the bugs. What’s more, this environment is self-contained and when the training is over, you can take it home (after signing a non-disclosure agreement) to hack again at your own pace.

If you want to know what students from Oracle, Adobe, ESET, and other companies say about this training, visit this page to learn more.

More detailed information about the training can be found in the schedule for DeepSec 2016.

The workshop is definitely very hands-on (also it is extremely wow!). Only participants get the VMware® image with the testing environment. This image and all its accompanying material are not for public download, so don’t miss the opportunity!

We recommend this training for anyone doing web application development, penetration testing, or working on IT defence. Invest in two days of studies to save your web applications from serious harm!

Dawid Czagan has found security vulnerabilities in Google, Yahoo!, Mozilla, Microsoft, Twitter, BlackBerry and other companies. Due to the severity of many bugs, he received numerous awards for his findings. Dawid is founder and CEO at Silesia Security Lab, which delivers specialized security auditing and training services. He also works as Security Architect at Future Processing. Dawid shares his security bug hunting experience in his hands-on training “Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more”. He delivered security trainings/workshops at Hack In The Box (Amsterdam), CanSecWest (Vancouver), DeepSec (Vienna), Hack In Paris (Paris) and for many private companies. He also spoke at Security Seminar Series (University of Cambridge) and published over 20 security articles (InfoSec Institute). To find out about the latest in Dawid’s work, you are invited to visit his blog and follow him on Twitter.
