NCDevCon 2015 Session-Web Penetration & Hacking Tools

Web Penetration & Hacking Tools

Most security presentations to developers are a dry rehashing of the OWASP Top Ten: do this and don't do that, with terse snippets of code. This session aims to be different in that the tools that are available to hackers will be demonstrated to show how a web application is attacked. Using the OWASP Top Ten as a guide, a combination of vulnerabilities will be used to attack a demonstration application. Two tools that will be highlighted are sqlmap, BeEF (Browser Exploitation Framework), Metasploit, and published exploit scripts.

Main Points:

* Recent events in security and hacking
* Overview of OWASP 2013 Top Ten
* Show how attacks are never a single issue, but a combination of vulnerabilities
* See what SQL Injection and password compromise really look like
* See why XSS is a serious vulnerability
* See authentication bypass in action
* Quick overview of Web Application Firewalls and Web Vulnerability Scanners

Target audience: Developers who want to be more security conscious

Assumed Knowledge: Basic knowledge of OWASP Top Ten

About David Epler

David Epler

Security Architect with AboutWeb in Rockville, MD. Previously spoke at NCDevCon, dev.Objective(), CF Summit, and various user groups.
