When Data Becomes Code

Full-Day Tutorial (6 hours)

Explore how carefully crafted data is at the heart of many security attacks.

Timetable

9:00 a.m. – 5:00 p.m. Monday 12th

Audience

Developers and testers. Managers who want to set up a security team from the ground up.

Required

Open mind (the rest is manageable), laptop, admin access to install software, internet access

Key-Learnings

  • Injection attacks like SQL Injection
  • Interpreting non-injection attacks as injection attacks e.g. Path traversal
  • Solid foundation of security testing
  • Crafting data, piece by piece, for security testing
  • Intercepting proxy (BurpSuite)

Understanding Injection Attacks on Web Applications

At the heart of many security attacks lies the possibility that a user provides carefully crafted data which goes on to be interpreted by a virtual machine. An example would be someone providing such data in place of an input as innocent as a book id, but resulting in disclosure of user names and passwords.

This tutorial explores, in the simplest possible manner, how and why such attacks work. It takes the participants through practical exercises in which they craft such data by hand. Rather than teaching them payloads to memorise, it helps them build such payloads themselves and then apply that knowledge to understand others.

All in all, this tutorial gives attendees a strong foundation in web application security testing, on which they can build further towards limitless opportunities.
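The book-id case described above, as an added example that is not part of the tutorial material: the same lookup written once with the id spliced into the SQL text and once with it bound as a parameter, run against a constructed in-memory catalogue (the table, rows and the `CRAFTED_ID` value are assumptions made for this illustration).

```python
import sqlite3


def make_db():
    # Constructed sample catalogue: two books in an in-memory SQLite database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (id TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO books VALUES (?, ?)",
        [("101", "Secure Coding"), ("102", "Threat Modeling")],
    )
    return conn


def lookup_unsafe(conn, book_id):
    # The id is concatenated into the statement text, so whatever it contains
    # is parsed by the database as part of the query: data has become code.
    sql = f"SELECT title FROM books WHERE id = '{book_id}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, book_id):
    # The id travels as a bound parameter. The query shape is fixed before the
    # value is seen, so the value stays data no matter what characters it holds.
    sql = "SELECT title FROM books WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (book_id,))]


# A crafted "book id" (constructed for this example) that closes the string
# literal and appends a condition that is always true.
CRAFTED_ID = "x' OR '1'='1"


def compare(conn, book_id):
    # Returns both results side by side so the difference is visible in one call.
    return {"unsafe": lookup_unsafe(conn, book_id), "safe": lookup_safe(conn, book_id)}


if __name__ == "__main__":
    db = make_db()
    print("honest id :", compare(db, "101"))
    print("crafted id:", compare(db, CRAFTED_ID))
```

With the honest id both variants return the single matching title; with the crafted id the concatenated variant returns the whole catalogue while the parameterised one returns nothing, because no book has that literal id.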
