Web Application (In)Security
Overview
NGSSoftware works at the cutting edge of web application security, performing penetration tests on some of the most high-profile sites on the internet, as well as writing many of the tools which are commonly used in application testing. In this course we cover all areas of web application security from Cross-Site Scripting, SQL Injection, LDAP Injection, Java Applet disassembly, Command Injection, Shared Hosting security bypasses, IDS Evasion and vulnerabilities in off-the-shelf products. Delegates will get the opportunity to try their hand at all of these and much more in the practical exercises. With much of Web Application security now common knowledge, NGSSoftware has pushed this subject to its new limits, sharing the techniques which make the difference between a methodology and a deep hack. Having written the two groundbreaking papers on SQL Injection, we share more, newer SQL hacks to beat the web applications currently out there. Powerful new demonstrations of real Cross-Site Scripting exploitation will be provided. Client-side disassembly and ActiveX fuzzing will be explored. NGSSoftware will provide a toolset for delegates for all of the demonstrations, and move on from the labs to a final web application where delegates get the opportunity for some real hacking and fun in a "capture the flag" contest. This course has a heavy lab content, so familiarity with common web application tools and vulnerabilities is required for full appreciation of the course.
What to Bring
Basic networking knowledge required. Understanding of programming languages (especially PHP, ASP and ASP.NET) preferred. Participants are requested to bring their own laptops. No particular OS is required, but Windows, Linux or Mac is recommended.