Hands-On Web Hacking
Format: 30-minute modules focused on familiarizing attendees with web vulnerabilities and how to use common tools to exploit them. We will rotate through 7-8 different vulnerabilities and exercises over the course of the training. Students are free to come and go for the tools and vulnerabilities they are interested in.
Vulnerabilities: Broken Access Control, User Enumeration, Insecure Direct Object Reference, SQL Injection, Cross-Site Scripting, Security Misconfigurations
Tools: Burp Suite Professional, SQLMap, Browser Exploitation Framework (BeEF), SVN Digger, Git Digger, GraphQL, Postman
Seth Law is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development. Seth currently hosts the Absolute AppSec podcast with Ken Johnson and is a regular speaker at developer meetups and security events, including Blackhat, Defcon, CactusCon, and other regional conferences.
Justin Larson has several years of experience testing applications for security vulnerabilities. He has done is time of testing Java thick client apps from last century to hacking on the new hotness of SPAs. Justin is currently an Application Security engineer at Jane.com where he has been getting fully involved into the SDLC.