Tech Learning Collective

Technology education for radical organizers and revolutionary communities.

  • May 30, 2021 3:30 PM (-0400) to May 30, 2021 5:00 PM
  • Remote
  • Status: CONFIRMED

Tickets are no longer available for this event.

Event description

Learn the basics of website security auditing in this hands-on workshop that will introduce you to the OWASP Zed Attack Proxy (ZAP), a free, open source Web application security scanner and intercepting proxy. We’ll get set up with a practice target against which you can launch live-fire (but legal and safe!) Web exploits that run the gamut of attack categories from injection to broken authentication and access control. In the process, you’ll learn exactly how attackers, internal Red Teams, and professional penetration testers go about exploiting real vulnerabilities that are prevalent all across the Web today.

Workshop Description

According to Douglas Crockford, former distinguished architect at Internet behemoth PayPal and, before that, Yahoo!, “The Web is the most hostile software engineering environment imaginable.” Given that it’s hard enough to make Web applications work in the first place, is it any surprise that so many of them can be broken, hacked, and exploited? Of course, it’s often not good enough merely to break some system. Our task is to break into (or break out of) that system.

The “front door” to most targets is usually their website, so in this offensive security workshop you’ll learn exactly how attackers, internal Red Teams, and professional penetration testers go about targeting websites, identifying vulnerabilities, and exploiting them. By using the OWASP Zed Attack Proxy (ZAP), a free and open source Web application security scanner, you’ll get a hands-on introduction to Web application security basics, intercepting proxy configuration, target scoping, and more. We’ll be targeting the OWASP Juice Shop, an intentionally vulnerable practice target that has a slew of common Web vulnerabilities for us to learn about, collectively known as the OWASP Top Ten. They include SQL injection, sensitive data exposure, cross-site scripting (XSS), broken authentication and access control, and many others.

Today’s World Wide Web has become a worldwide battleground, economically, militarily, and culturally. By knowing how the Web-based systems we all use—or even build!—can be made to fail in just the “right” way, we can better protect ourselves and our organizations from the constant barrage of attacks flying across the Internet. Come learn how to hack yourself before your opponents do, so you can find vulnerabilities and shore up defenses in your own Web projects before attackers get the chance to leak your sensitive data such as usernames and passwords, install malware on your systems, or penetrate your network.

As this is a remote/online-only event, there is no physical class space, but attendance is still limited to 15 students, so purchase your ticket now to reserve your spot.

To participate in our webinars, you will need access to a modern Web browser such as an up-to-date copy of Mozilla Firefox or Google Chrome. You will also need a reliable Internet connection. We recommend disabling Wi-Fi and plugging your computer in to a hard-wired Ethernet network cable for the duration of the webinar, if possible.

If you would like to share your video screen or appear on camera, you will need to have and activate your own camera, such as the one built in to many modern laptops. Similarly, to speak with the rest of the webinar participants, you will need a microphone. If you do choose to activate your microphone, we ask that you please plug in headphones/ear buds or use a headset in order to help reduce audio feedback loops that can degrade the webinar experience for other participants.

Please refer to our workshops and webinars FAQ for additional tips and advice before you join the video conference.

As with all Tech Learning Collective events, racism, queerphobia, transphobia, sexism, “brogrammer,” “manarchist,” or any kind of similarly awful behavior will result in immediate removal from class without a refund. Please refer to our lightweight social rules for details on our strictly enforced no-tolerance policy against bigotry of any kind.

About Tech Learning Collective

Tech Learning Collective is an apprenticeship-based technology school that trains politically self-motivated individuals in the arts of hypermedia, Information Technology, and radical political practice. We offer unparalleled free, by-donation, and low-cost computer classes on topics ranging from fundamental computer literacy to the same offensive computer hacking techniques used by national intelligence agencies and military powers (cyber armies). For more information and to enroll, visit TechLearningCollective.com.
