Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more presented at DeepSec 2014

by Dawid Czagan,

Summary : Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning bugs identified in some of the greatest companies? If that sounds like fun, join this workshop!
I will discuss bugs that I have found together with Michał Bentkowski in a number of bug bounty programs (including Google, Yahoo, Mozilla and others). This is a two-day BYOL workshop, so make sure to have your laptop with you.
You will be given a VMware image with a specially prepared environment to play with the bugs. What’s more, after the workshop is over, you are free to take it home and hack again, at whatever pace is best for you.
To get the most of this workshop basic knowledge of web application security is needed. You should also have ever used a proxy, such as Burp, or similar, to analyse or modify the traffic.
You will need a laptop with at least 4 GB RAM, 20 GB free hard drive space, USB and Ethernet ports, administrative access, ability to turn off AV/firewall and VMware Player installed.