Intro to Hacking Web Applications
Monday, July 25, 2022 - 6:00 PM UTC, for 4 hours.
Workshop (pre-conference)
Room: F
The vast majority of cyber attacks are relatively easy to defend – yet most web applications remain vulnerable. In fact, many developers aren’t even aware of how simple these attacks are to execute. Spoiler alert: it’s really, really easy. During this half-day workshop we’ll learn a variety of concepts and tools enabling us to hack our way into vulnerable web applications built with modern JavaScript frameworks like React, Angular and more. We’ll cover a variety of approaches for building threat models and exploiting vulnerabilities: everything from XSS to SQL injections to brute-force attacks and more! Be prepared to learn, laugh and cry as we explore security flaws common to both legacy and modern web applications. You'll walk away from this workshop with: * a deep understanding of application architectures and threat models, * a detailed understanding of OWASP best practices, and * specific countermeasures to keep your web applications secure Let's build a safer, more secure web together! NOTE: the exercises in this workshop are part of HackTheBox, and therefore require a VIP subscription to that service (~$15 USD/month) which is not included in the price of THAT. You can sign up the day of the workshop and immediately cancel afterwards... but please be aware of that extra fee.
Agenda
0:00 - 1:00 Discussion of hacking theory and web application architecture 1:00 - 2:00 Learning hacking tools via hands-on examples 2:00 - 4:00 Applying hacking skills on HackTheBox with interactive explanations and discussion
Prerequisites
No specific experience necessary, though a general familiarity with web technology (HTML, JS, cloud, etc) will come in handy and make this session more meaningful.
Take Aways
- Learn how hackers think about attacking a target
- Learn how modern JavaScript frameworks help to protect your app
- Learn tips and tools to keep your web application safe
