Title: A Hacker's approach to Web Applications Abstract: This talk will be a live demonstration of how a hacker discovers, analyzes, attacks, and exploits a web application. I will have several sites running on test machines that we will attack. Specific topics include performing reconnaissance, detecting and fingerprinting backend systems, and how to properly utilize different attack vectors like XSS, XSRF, and SQL Injection to do maximum damage to the site. I'll poke holes in common web security myths and I'll also discuss my experiences with pen testing real world sites. Finally, I'll show how to properly secure a website against evil people. Bio: Acidus spends his days trying to destroy the Intarweb as the lead R&D engineer at a major web security firm. He is far too curious for his own good, and likes really girlie drinks. You know, the kind that come in funny glasses with lots of fruit in them. Seriously, someone buy him a dark beer and some testicles. |