Tag Archive

Special Offer for “Mastering Web Attacks with Full-Stack Exploitation” Training – get 3 for the Price of 1

Published on November 19, 2018 By lynx

The DeepSec training Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation by Dawid Czagan has some seats left. Dawid has agreed to give away free access to two of his online courses for everyone booking tickets until Wednesday, 21 November 2018 (2359 CET). This gives you a perfect preparation for penetration testing, software development, […]

Last Call for your Web Application Security Training – Break all teh Web and enjoy it!

Published on November 9, 2018 By lynx

The Internet is full of web applications. Sysadmins used to joke that HTTP is short for Hypertext Tunnelling Protocol, because anything but web content is transported via HTTP these days. It’s the best way to break out of restricted environment, too. So the chances are good that you will need the skills for dealing with […]

DeepSec 2018 Training: Professional Bug Hunting for Early Bird Millionaires – Sensitive Data Exposure

Published on September 24, 2018 By lynx

DeepSec’s Early Bird Tariff is still valid for today. If you are interested in bug hunting for money, i.e. bug bounties, then you should hurry. Dawid Czagan is conducting a training at DeepSec 2018 where you can learn all you need to get started. If you don’t know what to expect, we recommend one of […]

DeepSec 2018 Training: Advanced Penetration Testing in the Real World – Davy Douhine & Guillaume Lopes

Published on September 24, 2018 By sanna

Guillaume and Davy, senior pentesters, will share many techniques, tips and tricks with pentesters, red teamers, bug bounty researchers or even defenders during a 2-day 100% “hands-on” workshop. This is the very training you’d like to have instead of wasting your precious time trying and failing while pentesting. The main topics of the training are: […]

DeepSec Training: Bug Bounty Hunting – How Hackers Find SQL Injections in Minutes with Sqlmap

Published on September 7, 2018 By lynx

In a previous article we talked about the Bug Bounty Hunting training by Dawid Czagan at DeepSec 2018. In case you do now know what to expect, there is a little teaser consisting of a full blown tutorial for you. Dawid has published as video tutorial that shows you how to use Sqlmap in order […]

Google supports DeepSec 2017

Published on October 12, 2017 By lynx

You have probably heard of Google. Well, you will be hearing more from them if you come to DeepSec 2017. They have agreed to support our conference. They will be on site, and you will be able to talk to them. Every year we aim to give you opportunities for a short-cut, for exchanging ideas, […]

DeepSec 2017 Talk: Bypassing Web Application Firewalls – Khalil Bijjou

Published on October 5, 2017 By sanna

Everyone has firewalls or filters. They are now called application-level gateway (ALG) and have lots of features included. Algorithms, signatures, heuristics, protocol checks, verification; you name it. It’s all in there. But does it work? Obfuscation and evading technology has been around since the first filter was created. Anticipating what data might look like is […]

DeepSec2016 Talk: The (In)Security or Sad State of Online Newspapers – Ashar Javed

Published on October 8, 2016 By sanna

Web sites are simply, one might think. The client requests a page, the server sends it, the layout is applied, and your article appears. This is a heavy simplification. It worked like this back in 1994. Modern web sites are much more complex. And complexity attracts curious minds. Usually that’s what gets you into trouble. […]

DeepSec2016 Workshop: Secure Web Development – Marcus Niemietz

Published on September 21, 2016 By sanna

The World Wide Web is everywhere. It has become the standard protocol for transferring data, accessing applications, configuring devices, controlling software, or even multimedia streaming. Most software development can’t be done without web applications. Despite the easy concept the technologies used in „HTTP/HTTPS“ have grown in very complex beasts. Few get it right, lots of […]

DeepSec 2016 Talk: CSP Is Dead, Long Live Strict CSP! – Lukas Weichselbaum

Published on September 8, 2016 By sanna

The Content Security Policy (CSP) is an additional layer of security for web applications. It is intended to detect and mitigate certain types of attacks. CSP is deployed by using the HTTP Content-Security-Policy header for publishing a policy. The policy instructs the web client how various resources will be used, where they come from, and […]

DeepSec 2016 Workshop: Hacking Web Applications – Case Studies of award-winning Bugs in Google, Yahoo!, Mozilla and more – Dawid Czagan

Published on September 2, 2016 By sanna

Have you been to the pictures lately? If so, what’s the best way to attack an impenetrable digital fortress? Right, go for the graphical user interface! Or anything exposed to the World Wide Web. The history of web applications is riddled with bugs that enable attackers to do things they are not supposed to. We […]

DeepSec Video: Hacking Cookies in Modern Web Applications and Browsers

Published on February 9, 2016 By lynx

Cookies are solid gold when it comes to security. Once you have logged in, your session is the ticket to enter any web application. This is why most web sites use HTTPS these days. The problem is that your browser and the web applications needs to store these bits of information. Enter cookie hacking. A […]

DeepSec Video: 50 Shades of WAF – Exemplified at Barracuda and Sucuri

Published on January 30, 2016 By lynx

Sometimes your endpoint is a server (or a couple thereof). Very often your server is a web server. A lot of interesting, dangerous, and odd code resides on web servers these days. In case you have ever security-tested web applications, you know that these beasts are full of surprises. Plus the servers get lots of […]

DeepSec Workshops: Digitale Verteidigung – Wissen ist Macht

Published on October 20, 2015 By lynx

Wann haben Sie Ihren letzten Geschäftsbrief geschrieben? Und wann haben Sie das letzte Mal Stift und Papier dazu benutzt? Es macht nichts wenn Sie sich nicht daran erinnern können: Digitale Kommunikation ist Teil unseres Alltagslebens, nicht nur in der Geschäftswelt. Wir haben uns so sehr daran gewöhnt ständig online zu kommunizieren, das offline sein sich […]

DeepSec2015 Talk: Hacking Cookies in Modern Web Applications and Browsers – a short Interview with Dawid Czagan

Published on October 1, 2015 By sanna

You don’t have to be the cookie monster to see cookies all around us. The World Wide Web is full of it. Make sure not to underestimate their impact on information security. Dawid Czagan will tell you why. 1) Please tell us the top 5 facts about your talk. The following topics will be presented: […]