Training Details

Advanced Web Hacking and Secure Coding

Trainer: Vikram Salunke

Abstract: Tired of alert('xss')? You want to learn advanced web hacking techniques then this training is for you. Training starts with the basic web app hacking and then move into more advanced stuff such as bypassing the XSS filters, HTML5 attacks and recent vulnerabilities such as Shellshock, Heartbleed, POODLE etc. This training is Hands-on training on Web Hacking and Secure coding. This training covers both offensive and defensive approach towards web applications. This training covers how to write secure code in multiple languages such as PHP, Java, C# etc. Lab contains multiple CMS such as Wordpress, Drupal, Joomla and multiple databases such as MySql, SQL Server, MongoDB etc. You will learn how to exploit and attack machines in the internal network using public facing servers. It contains secure coding practices recommended by OWASP. This training contains over 50 labs and 30+ challenges which are inspired by real world vulnerabilities and case studies.

Topics:

• User Enumeration
• Authentication and Password management
• Information Leakage
• HTTP Verb Tampering
• HTML Injection
• Cross Site Scripting (XSS)
• iFrame Injection
• LDAP Injection
• CSS Injection
• AJAX Security - JSON Injection
• CSRF
• Clickjacking
• Insecure direct object reference
• Open Redirects
• Broken Access Control
• SSRF
• SSI Injection
• JavaScript Validation Bypass
• SQL Injection
• JSON Hijacking
• Session Management
• Cookie Stealing
• Man-in-the-Middle
• HTML5
• XML, XPATH and XQUERY language injection
• JSON Web Token
• Insecure System Configuration
• RCE
• Path traversal
• LFI
• RFI
• HTTP Response Splitting
• Shellshock vulnerability
• Heartbleed vulnerability
• OWASP Top 10 Attacks
• OWASP Secure Coding Practices
• Logical Flaws
• and more...

Attendee requirements for this training:

• Modern laptop with wired or wireless networking capabilities
• OS - Mac OS or Windows
• At least 60 GB HD Free
• VMware Workstation / Fusion installed

Attendees will be provided with:

• Multiple vulnerable applications
• Hosted VMs for testing and training labs
• Over 50 labs and 30+ challenges to solve
• Training materials – presentation materials and lab examples.
• Custom tools and scripts
• Additional reading materials

Level: Intermediate.

Duration: Full day.

Cost: $500.

Tickets: Via Eventbrite

Infosec 101

Trainers: Kevin Alcock (@kevinnz) & Dan Wallis (@mrdanwallis)

Abstract: Do terms like XSS, SQLi, RCE, Buffer Overflow, Rootkit, Trojan, Phishing, DDoS, Malware, Virus, or just the word Hacker leave you confused? This training is for you. We all had to start somewhere and this is the training for you, the beginner. Dan and Kevin are here to help you into the world of information security. This will be a light hearted, fun and interactive session.

We'll talk through what these terms mean, and try to answer questions as we go. There'll be live examples of the basics, and an opportunity to try these out in a lab (so bring along a laptop). The goal of this session is to come away with some usable knowledge, and an entry level understanding of the information security world.

Topics:

• What is Hacking? (History, what's legal, ethics)
• Hacking in popular culture versus reality
• Getting started
• Understanding of attacks
• Performing your first attack
• Tools of the trade
• How to carry on beyond this session
• And more…

Level: Beginner.

Duration: Half day (afternoon).

Cost: $0, only available to students.

Tickets: Via Eventbrite