Ambassador - - 6th Floor
May 08, 2018 11:30 AM - 12:00 Noon(America/New_York)
Web App Security - The front door to your backend critical infrastructure

Ambassador - - 6th Floor HACK NYC 2018 events@magegroupe.com

Title: Web Security Dojo – Your own personal web app fight club

Format: Presentation with demos and optional follow-along exercises

Web Security Dojo is a free open-source training environment for learning and practicing web app security testing. It is ideal for self-paced learning and skill assessment, as well as training classes and conferences since it does not require a network to function. Web Security Dojo contains tools, targets, and documentation pre-installed within a single virtual machine image suitable for VirtualBox or VMware.

This presentation will introduce the audience to the Web Security Dojo, and demonstrate how to get up and running in a few easy steps. Participants are encouraged to follow along as the Web Security Dojo is put through its paces locating and exploiting cross-site scripting (XSS) and SQL injection flaws. The flaws and their potential impacts will be explained (and demonstrated) for those not familiar with web app security.

* Set up and use the Web Security Dojo

* Understand two common web flaws, SQL injection and Cross Site Scripting (XSS)

* Locate and exploit XSS and SQL injection using commonly available free tools.

Anyone wishing to follow along during the presentation should bring a laptop computer so that they can run the Web Security Dojo virtual machine. Student system requirements are simple:

* Any operating system that can run the latest stable version of VirtualBox (free from http://www.virtualbox.org/). Currently supported operating systems include Windows, Mac, and Linux. VMware also works, but you will be shunned like a leper if you have technical issues following along.

* 5 GB of free HD storage

* 2 GB of RAM (more is better)

* Wi-Fi networking capability (optional)

Before the presentation please:

1) Install the latest stable version of VirtualBox. Optionally you may also install the latest version of “Oracle VM VirtualBox Extension Pack”. Both are free and found here: http://www.virtualbox.org/wiki/Downloads

2) Download the Web Security Dojo from here: http://bit.ly/webdojo This is a virtual machine image (.OVA file).

3) (Optional but recommended) Importing and starting this image will be covered during the presentation, but it is best if you try ahead of time in case there are some conflicts with your setup (such as virtualization capabilities disabled in your BIOS). To try the import process simply double click the OVA file. That starts the import process in VirtualBox. Accept the default settings (unless you’re sure you know what you are doing). The import process takes about 2 to 5 minutes.

CEO, Maven Security Consulting Inc.

The Critical Infrastructure Association of America, Inc. is a 501(c)6 Not for Profit. The mission of Critical Infrastructure Association of America is to create a membership-based, trade association of like-minded cybersecurity and closely related industry professionals that work in the field of cybersecurity. The goal is to share best practices, establish and maintain high operational standards and to educate and interact with those in the cybersecurity community within public, private and governmental sectors.