The most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field and gathering under the same roof security specialists, entrepreneurs, developers and managers from both the private and public sectors.
The purpose of this workshop is to give participants a strong understanding of the most common web application vulnerabilities and their associated risks.
We will discuss each type of vulnerability from the OWASP Top 10 project in detail, and we will practice manual discovery and exploitation techniques. Furthermore, a set of useful security testing tools will be presented and used during the workshop.
This will be a (very) hands-on workshop where we will practice exercises such as:
Discover SQL injection and exploit it to extract information from the database;
Find OS command injection and exploit it to execute arbitrary commands on the target server;
Discover Cross-Site Scripting and exploit it to gain access to another user's web session;
Identify Local File Inclusion and exploit it to gain remote command execution;
Find Cross-Site Request Forgery and exploit it to gain access to the admin panel;
Other fun and challenging tasks.