Loading…
AppSec IL 2020 has ended
Welcome to Virtual AppSec Israel 2020!
Back To Schedule
Tuesday, October 27 • 13:00 - 16:00
Intro to Hacking Web Applications

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Overview:
The vast majority of cyber attacks against a web application are relatively easy to defend – yet most applications remain vulnerable. In fact many developers aren’t even aware of how simple these attacks are to execute.

Spoiler alert: it’s really, really easy.

During this day-long workshop we’ll learn a variety of tools (including OWASP ZAP) to hack a vulnerable web application written in Node.js, Express and Angular. We’ll cover a variety of approaches to how attackers exploit web applications: everything from XSS and SQL injections, and lots of other hacking tricks.
Be prepared to learn, laugh and cry as we explore security flaws common to most web applications. You’ll leave this workshop with hands-on experience in penetration testing methodology, a deep understanding of the current OWASP best practices, and a broad appreciation for application security.

If you can’t protect your web applications from hackers, who will?

Agenda (3 hours):
  • 0:00 Intro & Broad discussion of Web App technologies (HTML, CSS, JS)
  • 0:15 Tour of Browser DevTools
  • 0:30 Use DevTools to find the easter eggs in OWASP Cyber Scavenger Hunt
  • 0:45 Browser extensions to help us enumerate Web App technologies
  • 1:00 Introduction of OWASP Juice Shop
  • 1:15 Using DevTools to find the Juice Shop “scoreboard”
  • 1:30 Solving some Juice Shop challenges
  • 2:00 Introduction of OWASP ZAP
  • 2:00 Enumerating the Juice Shop application with ZAP
  • 2:30 Advanced ZAP features
  • 3:00 End

Prerequisites:
Instance of OWASP Juice Shop (locally or via Heroku)
Install OWASP ZAP
Install Firefox or Chrome
Permissions to Install Browser extensions



Speakers
avatar for Arthur Kay

Arthur Kay

Principal Software Engineer, Cox Automotive
With nearly 20 years of engineering, operations and cybersecurity experience, Arthur Kay offers an extraordinary set of leadership skills and technical expertise to develop meaningful products and high-performing teams.Arthur is a successful entrepreneur, technology professional... Read More →


Tuesday October 27, 2020 13:00 - 16:00 IST
Track A