This workshop has already been published as a course!
By coding along with us in the Workshop, you'll:
- Get hands-on experience, both from the attacker and defender standpoint
- Understand the latest threats and advances in web application security
- Use penetration testing tools to detect vulnerabilities in a sample web application
- See first-hand just how much damage an attacker can do with an XSS vulnerability
- Look at a man-in-the-middle attack, from the perspective of the attacker, the developer, and the victim.
- And more…
Your (Awesome) Instructor
Spend A Full Day Immersed With Mike North
Web Security
Security is an increasingly important part of building modern web applications, but it often falls victim to the pressure of tight deadlines. As attacks become more sophisticated, protecting our users becomes not just an ethical responsibility, but part of preserving a company's reputation and trust. In an effort to understand what we as developers are up against, we'll get hands-on experience staging some attacks, and in doing so learn how we can fend off those who would do our users harm.
We'll begin with a series of attacks that relate to a web application client, starting with Cross-Site Scripting (XSS) and malicious image/PDF attachments. We'll get authenticated users to perform unwanted actions using a Cross-Site Request Forgery (CSRF) attack, and learn about defense strategies like CSRF tokens. We'll even learn how to stage a Clickjacking attack and use hidden iframes to trick users into interacting with one application while they think they're using another.
Next, we'll turn our focus onto our web application's back end. We'll use a SQL injection attack to expose private information from a database and learn how to sanitize user input properly to protect against this kind of thing. We'll also attack the app's authentication system itself, to try to determine which usernames correspond to registered accounts.
Finally, we'll look at the network connection between our user and the web application back end, and explore how a man-in-the-middle attack is staged. We'll get some hands-on experience with modern browser security features like HSTS headers and Subresource Integrity — technologies that can protect users on a compromised WiFi network.
We've already held over 150 workshops with thousands of attendees in person and online. In this time we've discovered ways to schedule the day so it goes smoothly and efficiently. Whether you're in person or participating with us online, you'll have the full ability to replay things you missed, get your questions answered LIVE, and interact with the teacher throughout the day.
- 10:00AM State of Web App Security
- 10:30AM Categories of Attack
- 11:00AM Protecting Developer Secrets
- 12:15PM Attack: CSRF
- 12:30PM Defend: CSRF
- 2:00PM Clickjacking Attacks
- 2:15PM Attack: Clickjacking
- 2:30PM Defend: Clickjacking
- 2:45PM SQL Injection
- 3:00PM Attack: SQL Injection
- 3:15PM Defend: SQL Injection
- 3:30PM Timing Attacks
- 3:45PM Attack: Timing
- 4:00PM Defend: Timing
- 4:30PM Subresource Integrity
- 5:00PM Wrap Up and Recap
Interact with the Instructor - Online & In-Person
Is This Workshop for Me?
One Full Day Workshop Session
Replay Videos (available immediately)
September 12, 2017 - 9:30am to 5:30pm Central US Time
Option 1: Attend online on our full HD live stream
Option 2: Attend in-person at HQ in Minneapolis, MN