Ambassador - 6th Floor, HACK NYC 2018, events@magegroupe.com
Title: Web Security Dojo – Your own personal web app fight club
Format: Presentation with demos and optional follow-along exercises
Web Security Dojo is a free open-source training environment for learning and practicing web app
security testing. It is ideal for self-paced learning and skill assessment, as well as training classes
and conferences since it does not require a network to function. Web Security Dojo contains
tools, targets, and documentation pre-installed within a single virtual machine image suitable for
VirtualBox or VMware.
This presentation will introduce the audience to the Web Security Dojo, and demonstrate how to
get up and running in a few easy steps. Participants are encouraged to follow along as the Web
Security Dojo is put through its paces locating and exploiting cross-site scripting (XSS) and SQL
injection flaws. The flaws and their potential impacts will be explained (and demonstrated) for
those not familiar with web app security.
* Set up and use the Web Security Dojo
* Understand two common web flaws, SQL injection and Cross Site Scripting (XSS)
* Locate and exploit XSS and SQL injection using commonly available free tools.
Anyone wishing to follow along during the presentation should bring a laptop computer so
that they can run the Web Security Dojo virtual machine. Student system requirements are
simple:
* Any operating system that can run the latest stable version of VirtualBox (free from
  http://www.virtualbox.org/). Currently supported operating systems include Windows,
  Mac, and Linux. VMware also works, but you will be shunned like a leper if you have
  technical issues following along.
* 5 GB of free HD storage
* 2 GB of RAM (more is better)
* Wi-Fi networking capability (optional)
Before the presentation please:
1) Install the latest stable version of VirtualBox. Optionally you may also install the latest
version of “Oracle VM VirtualBox Extension Pack”. Both are free and found here:
http://www.virtualbox.org/wiki/Downloads
2) Download the Web Security Dojo from here: http://bit.ly/webdojo
This is a virtual machine image (.OVA file).
3) (Optional but recommended) Importing and starting this image will be covered during
the presentation, but it is best if you try ahead of time in case there are some conflicts
with your setup (such as virtualization capabilities disabled in your BIOS). To try the
import process, simply double-click the OVA file. That starts the import process in
VirtualBox. Accept the default settings (unless you’re sure you know what you are
doing). The import process takes about 2 to 5 minutes.