by Apoorva Giri (@apoorvagiri) on Wednesday, December 24, 2014

Status: Confirmed
Technical level
Beginner

Objective

The instructors will explain the different types of attacks on Web Applications and Network Applications with the help of demos. Participants will follow the instructors on their laptops.

Description

The following topics will be covered in this section:

  1. Network Scanning using Nmap.
  2. Exploitation of vulnerable services using Metasploit
  3. OWASP Top 10 for Web applications
    A1-Injection
    A2-Broken Authentication and Session Management
    A3-Cross-Site Scripting (XSS)
    A4-Insecure Direct Object References
    A5-Security Misconfiguration
    A6-Sensitive Data Exposure
    A7-Missing Function Level Access Control
    A8-Cross-site Request Forgery (CSRF)
    A9-Using Components with Known Vulnerabilities
    A10-Unvalidated Redirects and Forwards

Requirements

• A laptop with Admin privileges.
• At least 10 GB of free space.
• Minimum 2 GB RAM.
• Operating system, any of the following: OSX, Win 7 and above, Ubuntu 12.0.4.
• VMware OR VirtualBox 4.x.x installed.
• Kali OS iso from https://www.kali.org/downloads/
• Download OWASP BWA version 1.1.1 from http://sourceforge.net/projects/owaspbwa/files/

Speaker bio

Apoorva Giri works as a Security Analyst with iViZ Security (a Cigital company). She has presented a workshop on “Cyber Security and Ethical Hacking for Women” at c0c0n 2014 at Kochi, Kerala. Her interests lie in Web Application Security and Mobile Security. She’s an active member of Null/OWASP Bangalore Chapter. She has been listed on the Barracuda Hall of Fame for finding vulnerabilities on their application.

Shruthi Kamath works at Infosys Limited. She is a certified Ethical Hacker from EC Council. She has presented a workshop on “Cyber Security and Ethical Hacking for Women” at c0c0n 2014. She has conducted a one-day workshop on “OWASP TOP 10” at Null Bangalore chapter. She has presented on “Secure SDLC” at c0c0n Conference 2013. She has participated at Jailbreak NULLCON 2014. She presented a talk on “Cybercrimes in India and its Mitigation” at the National Conference for Women Police held at Trivandrum. She is an active member of Null/OWASP Bangalore Chapter. Her area of interest is Web Application Security.