Dive into a hands-on web hacking session with David Rhoades of MavenSecurity.com in this 45-minute conference talk from BSidesPhilly 2017. Explore the Web Security Dojo, learning installation and startup procedures before delving into a comprehensive walkthrough and demo. Gain practical insights into various web vulnerabilities, including cross-site scripting (reflected and persistent), browser exploitation frameworks, and SQL injection. Discover essential tools like Sequel Map and command-line utilities for database vulnerability assessment. Understand the process of writing custom code for web beacons and the impact of cross-site scripting. Conclude by experimenting with password cracking techniques and hashes in the Web Security Dojo environment.
Overview
Syllabus
Introduction
Web Security Dojo
Installing Web Security Dojo
Starting Web Security Dojo
Web Security Dojo Walkthrough
Web Security Dojo Demo
Crosssite scripting
Browser exploitation framework
Reflected crosssite scripting
Persistent crosssite scripting
Web Beacons
Writing Your Own Code
Sequel Injection
Signal Injection
Tools
Sequel Map
Sequel Injection Demo
Save
Command Line
Database Vulnerability
hashes
password cracker
Play with Dojo
Impact of crosssite scripting
