Hack your own web-app

Time: 10:30 - 12:20

Room: Amsterdam

Abstract

Is your web application secure? How can you tell?

This workshop gives you an opportunity to experience your own web application from the Dark Side, from the perspective of a hacker. Forget about functional requirements: for these two hours we will be exploring ways to break and abuse your application.

We will be using the 2013 OWASP Top 10 as a guideline for finding vulnerabilities, and a broad set of tools in a neatly prepared virtual machine, ready to be used.

You'll have fun tweaking HTTP requests, stealing session cookies and injecting all kinds of stuff into your web app. There will be some brute forcing and fuzzing as well :)

For those of you who cannot bring your own web application, we will provide one with plenty of holes.

Practical notes:

Please bring a laptop or pair with someone. Make sure you have VirtualBox (https://www.virtualbox.org/) installed. Make sure you can run your web-app locally.

Erik Hooijmeijer

Erik Hooijmeijer is principal developer and certified ethical hacker at 42.

He studied electronics and intended to keep computers as a hobby. Reality soon proved otherwise. Erik has been developing software in different disciplines for 28 years. Just doing software development as a profession is not enough for him, so there have been all kinds of special projects, many of which can be found at www.ctrl-alt-dev.nl.