Session Spotlight

Arthur Kay

Camp Counselor

Intro to Hacking Web Applications

Event Logo

Monday, July 25, 2022 - 1:00 PM CDT, for 4 hours.

Workshop (pre-conference)

Room: F

The vast majority of cyber attacks are relatively easy to defend – yet most web applications remain vulnerable. In fact, many developers aren’t even aware of how simple these attacks are to execute. Spoiler alert: it’s really, really easy. During this half-day workshop we’ll learn a variety of concepts and tools enabling us to hack our way into vulnerable web applications built with modern JavaScript frameworks like React, Angular and more. We’ll cover a variety of approaches for building threat models and exploiting vulnerabilities: everything from XSS to SQL injections to brute-force attacks and more! Be prepared to learn, laugh and cry as we explore security flaws common to both legacy and modern web applications. You'll walk away from this workshop with: * a deep understanding of application architectures and threat models, * a detailed understanding of OWASP best practices, and * specific countermeasures to keep your web applications secure Let's build a safer, more secure web together! NOTE: the exercises in this workshop are part of HackTheBox, and therefore require a VIP subscription to that service (~$15 USD/month) which is not included in the price of THAT. You can sign up the day of the workshop and immediately cancel afterwards... but please be aware of that extra fee.

Agenda

0:00 - 1:00 Discussion of hacking theory and web application architecture 1:00 - 2:00 Learning hacking tools via hands-on examples 2:00 - 4:00 Applying hacking skills on HackTheBox with interactive explanations and discussion

Prerequisites

No specific experience necessary, though a general familiarity with web technology (HTML, JS, cloud, etc) will come in handy and make this session more meaningful.

Take Aways

  • Learn how hackers think about attacking a target
  • Learn how modern JavaScript frameworks help to protect your app
  • Learn tips and tools to keep your web application safe
favorited by:
Josh Kinstler Kevin Moens Matthew Ives Jameson Gagnepain Nicolette Anderson Matt Li Zeke Juel Mike Demopoulos Ryan Holmes James McCollum Jamey Pietrowiak Justin Weyenberg Andrew Hooker Josh Kurnik YURSHIA XIONG Wendy Istvanick Kayley Carey Daniel Garcia Joe Slack Michael Caron Eric Boyd Arthur Kay Justin Allard bryan shannon Robert Derman Julia Froegel