Web Application Hacking
See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery.
Even if you've seen XSS and SQL Injection before, advanced techniques will be presented that can slip through many protections. As a finale, the holy grail of web security will be broken with a Man-In-The-Middle attack on SSL. Although countermeasures are briefly covered, this is first and foremost a shock and awe presentation that will motivate you to secure your applications. Attendees will receive a CD with all the Hacme applications used during the presentation so you can practice your new 'skillz.'
About Roman Hustad
Roman is a Principal Software Security Consultant at Foundstone, a small division of McAfee that provides security assessment, training, and software design services to corporate and government organizations around the world. After spending most of his life building software, now he figures out ways to break it through penetration testing, threat modeling, and code review. On the proactive side, he leads software design sessions, teaches Java security courses, and participates in the Hacme Books open-source project. In his ever-dwindling spare time Roman enjoys mountaineering, scuba diving, and other outdoor pursuits.
More About Roman »