Web Application Hacking w/ Brandon Perry (Day 1) presented at LASCON 2017

by Brandon Perry

Summary: The first day of this class focuses on teaching how to start finding and exploiting common web application vulnerabilities (Cross-Site Scripting, SQL Injection, Remote Command/Code Execution), first by hand, and then with common tools.
Real-world web applications are used to demonstrate each vulnerability, after learning the basics in an intentionally vulnerable web application called BadStore.
Students end the day having covered the basics of the most prevalent types of web application vulnerabilities, as well as seeing how these can impact applications in the real world.
The second day of training takes the real-world vulnerabilities from the previous day to the next level. We quickly rehash them by exploiting them by hand using Burp Suite or common tools. Then we weaponize the vulnerabilities while learning the ropes of writing Metasploit exploit and auxiliary modules.
By the end of the day, we will have written two exploit modules and one auxiliary module.