Tech Learning Collective

Technology education for radical organizers and revolutionary communities.

World Wide Wars: Introduction to Exploiting Web Applications


This workshop will introduce you to a free and professional-grade software program that is used to attack Web sites, called the OWASP Zed Attack Proxy. In a specially prepared lab environment, you will see how real-life attack techniques like code injection are discovered and used in order to gain unauthorized, administrative access to Web sites and steal information like user passwords. By seeing how and why the attacks work, you will be better prepared to defend your own accounts and any Web sites you might be building or be responsible for protecting.


Detailed description

According to Douglas Crockford, former distinguished architect at Internet behemoths PayPal and, before that, Yahoo!, “The Web is the most hostile software engineering environment imaginable.” Given that it’s hard enough to make Web applications work in the first place, is it any surprise that so many of them can be broken, hacked, and exploited? Of course, it’s often not good enough merely to break some system. Our task is to break into (or break out of) that system.

The “front door” to most targets is usually their Web site, so in this offensive security workshop you’ll learn exactly how attackers, internal Red Teams, and professional penetration testers go about targeting Web sites, identifying vulnerabilities, and exploiting them. By using the OWASP Zed Attack Proxy (ZAP), a free and open source Web application security scanner, you’ll get a hands-on introduction to Web application security basics, intercepting proxy configuration, target scoping, and more. We’ll be targeting the OWASP Juice Shop, an intentionally vulnerable practice target that has a slew of common Web vulnerabilities for us to learn about, collectively known as the OWASP Top Ten. They include SQL injection, sensitive data exposure, cross-site scripting (XSS), broken authentication and access control, and many others.

Today’s World Wide Web has become a worldwide battleground, economically, militarily, and culturally. By knowing how the Web-based systems we all use—or even build!—can be made to fail in just the “right” way, we can better protect ourselves and our organizations from the constant barrage of attacks flying across the Internet. Come learn how to hack yourself before your opponents do, so you can find vulnerabilities and shore up defenses in your own Web projects before attackers get the chance to leak your sensitive data such as usernames and passwords, install malware on your systems, or penetrate your network.

Upcoming “World Wide Wars: Introduction to Exploiting Web Applications” Events


(Not currently scheduled.)