Attacking and Defending Web Applications: Hands-On

This track is now CLOSED, but you can be added to the "wait list" and be notified if and when space opens up. Simply select the "wait list" option when you register.


Please note that this is not an asynchronous on-line track. Everyone is expected to log in every day all day according to the Winter Working Connections schedule. This is a synchronous track.


This on-line Working Connections event is intended solely for the person who registers. No link sharing is permitted.


Description

In this workshop, participants will perform attacks on Web applications, including command injection, ImageMagick exploitation, SQL injection, Cross-Site Request Forgery, Cross-Site Scripting, and basic and advanced cookie manipulations. They will also configure defenses to stop these attacks. We will use Burp, Zed Attack Proxy, Tripwire, Snort, DNSCrypt, and CrypTool 2.

All project instructions and lecture materials are freely available online for use in other classes.

Textbook

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition, by Dafydd Stuttard, Marcus Pinto (ISBN-10: 1118026470).

We could not get e-books donated. This textbook isn't required to participate in the track, but your instructor calls it "the Bible for this topic." You may want to try requesting a desk copy of your own here:
http://www.wiley.com/WileyCDA/Section/id-301906.html

Or purchase it via Amazon.

Prerequisites

Students must have a computer with a Web browser and Java.
To do the optional Tripwire project, students need a Kali or Ubuntu Linux virtual machine. You can download one here:
https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

Instructor

Sam Bowne
City College of San Francisco

Sam has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, HOPE, BayThreat, LayerOne, and Toorcon, and taught classes at many other schools and teaching conferences. He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign.

Industry Certification Exams & Prizes:
Infosec: CISSP, Certified Ethical Hacker, Security+, Defcon 21 CTP Co-Winner (Black Badge)
Microsoft: MCP, MCDST, MCTS: Vista
Networking: Network+, Certified Fiber Optic Technician, HE IPv6 Sage, CCENT, IPv6 Forum Silver & Gold, Juniper JN0-101, Wireshark WCNA

Three Objectives

After completing this workshop, participants will be able to:
1. Exploit command injection vulnerabilities, and understand how to prevent them
2. Perform SQL injection attacks and defend servers from them
3. Understand how to view and manipulate cookies and parameters in Web queries to exploit vulnerable web applications

Agenda

Monday, Dec 12, 8:30am-5:00pm Central

Lectures:
Ch 1: Web Application (In)security
Ch 2: Core Defense Mechanisms
Ch 3: Web Application Technologies

Projects:
Project 1: Command Injection
Project 2: SQL Injection
Project 3: Intro to Burp
Project 1x: Command Injection Challenges
Project 2x: SQL Injection Challenges

Tuesday, Dec 13, 8:30am-5:00pm Central

Lectures:
Ch 4: Mapping the Application
Ch 5: Bypassing Client-Side Controls
Ch 6: Attacking Authentication

Projects:
Project 4: Zed Attack Proxy
Project 5: Mapping an Application with Burp
Project 7: Using Tripwire for Intrusion Detection
Project 8: Defeating Client-Side Validation with Burp
Project 3x: DNSCrypt on Windows
Project 4x: Encrypting Text in ECB and CBC Modes

Wednesday, Dec 14, 8:30am-12:00pm Central

Lectures:
Ch 7: Attacking Session Management

Projects:
Project 9: reCAPTCHA
Project 10: Exploiting ECB-Encrypted Tokens with Burp
Project 5x: Exploiting ECB Encryption

Resources

Instructor Links

Track lectures and projects (plus additional resources) can be found here:
https://samsclass.info/129S/129S-WWC2016.shtml