Intro to Hacking Web Applications

THAT Conference 2019
Day: Mon, Aug 5   Time: 8:00 AM   Duration: 8 hours   Location: TBD
Level: 200  Primary Category: Security  Secondary Category: Web
Tags: javascript, security, HTML, Hacking
Description
Did you watch the 6 o’clock news this week? Cybersecurity is constantly making headlines, and nearly every day we hear about some major hack or new data breach. But what does that have to do with your website or web application?

The vast majority of cyber attacks against a web application are relatively easy to defend against -- yet most applications remain vulnerable. In fact, many developers aren't even aware of how simple these attacks are to execute. Spoiler alert: it's really, really easy.

During this day-long workshop we'll use a variety of tools (including Kali Linux) to hack a vulnerable web application written in Node.js, Express and Angular. We'll cover a variety of approaches to how attackers exploit web applications: everything from XSS and SQL injections, to Metasploit and Burp, and lots of other hacking tricks.

Be prepared to learn, laugh and cry as we explore security flaws common to most web applications. You’ll leave this workshop with hands-on experience in penetration testing methodology, a deep understanding of the current OWASP best practices, and a broad appreciation for cybersecurity.

If you can’t protect your web applications from hackers, who will?
Agenda
OWASP Juice Shop is probably the most modern and sophisticated insecure web application, and is frequently used in security trainings, awareness demos, CTFs and as a guinea pig for security tools. We're going to spend the majority of our day learning about the various styles of cyber attacks against web applications -- and then applying that knowledge to hack the Juice Shop application. Time permitting, we will dive into a variety of tools -- Kali Linux and Burp come to mind, but those will be supplementary to our discussion.

Rough schedule:
* 8-9am Setup VMs
* 9am-10am Discussion of PenTest process and common tools
* 10am-12pm Hacking exercises
* 12-1pm Lunch
* 1-4pm Hacking exercises
Prerequisites
You definitely need to bring your own laptop.
Being familiar with Chrome DevTools or other native browser debugging tools will be the most helpful thing for this workshop. Strong Googling skills too.
Experience using Node.js and the Linux command line will also be very helpful, but not required.