Submitted by Apoorva Giri (@apoorvagiri) on Wednesday, 24 December 2014
Technical level: Beginner
The instructors will explain the different types of attacks on Web Applications and Network Applications with the help of demos. Participants will follow the instructors on their laptops.
The following topics will be covered in this section:
- Network Scanning using Nmap
- Exploitation of vulnerable services using Metasploit
- OWASP Top 10 for Web applications
  - A2-Broken Authentication and Session Management
  - A3-Cross-Site Scripting (XSS)
  - A4-Insecure Direct Object References
  - A6-Sensitive Data Exposure
  - A7-Missing Function Level Access Control
  - A8-Cross-site Request Forgery (CSRF)
  - A9-Using Components with Known Vulnerabilities
  - A10-Unvalidated Redirects and Forwards
• A laptop with Admin privileges.
• At least 10 GB of free space.
• Minimum 2 GB RAM.
• Operating System, any of the following: OS X, Win 7 and above, Ubuntu 12.0.4.
• VMware OR VirtualBox 4.x.x installed.
• Kali OS ISO from https://www.kali.org/downloads/
• Download OWASP BWA version 1.1.1 from http://sourceforge.net/projects/owaspbwa/files/
Apoorva Giri works as a Security Analyst with iViZ Security (a Cigital company). She has presented a workshop on “Cyber Security and Ethical Hacking for Women” at c0c0n 2014 at Kochi, Kerala. Her interests lie in Web Application Security and Mobile Security. She’s an active member of the Null/OWASP Bangalore Chapter. She has been listed on the Barracuda Hall of Fame for finding vulnerabilities on their application.
Shruthi Kamath works at Infosys Limited. She is a certified Ethical Hacker from EC Council. She has presented a workshop on “Cyber Security and Ethical Hacking for Women” at c0c0n 2014. She has conducted a one-day workshop on “OWASP TOP 10” at the Null Bangalore chapter. She has presented on “Secure SDLC” at c0c0n Conference 2013. She has participated in Jailbreak NULLCON 2014. She presented a talk on “Cybercrimes in India and its Mitigation” at the National Conference for Women Police held at Trivandrum. She is an active member of the Null/OWASP Bangalore Chapter. Her area of interest is Web Application Security.