Have you ever wondered how safe the applications you use every day are? Those that have access to your personal and, in some cases, financial information? Are these applications so safe that the only ones who could compromise them are the hackers we have seen on TV and in movies, who sit in front of a black screen with green letters, type at lightning speed, and probably speak binary as their second language?
We are sorry to burst your bubble, but the truth is far from that, and no such extraordinary person is needed to compromise your information. This is because the most common vulnerabilities found in applications are XSS (Cross-Site Scripting), SQLi (SQL Injection), CSRF (Cross-Site Request Forgery), insecure session management and insecure configurations, among others; these vulnerabilities are widely documented, and exploiting them can be, in some cases, extremely simple, without requiring in-depth knowledge of computing or programming.
Let's take a look at how our ethical hackers exploit those vulnerabilities to obtain sensitive information, hijack a session, or even gain root access on the server running the application.
In this talk we will use an application named bWAPP, which has the particularity of being vulnerable by design (vbd), so that ethical hackers and security enthusiasts can practice their skills and keep improving, and those who are just starting out in this field can learn how to find and exploit vulnerabilities.
The application will be attacked from different levels: the web interface and the different services running inside the server, starting with an identification phase and continuing with exploitation and privilege escalation.
We will also show the programming mistakes that cause these vulnerabilities, always keeping it simple, so that all attendees, whatever their profession, can keep up and understand the importance of information security in a world where applications and devices are growing exponentially.
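To give a taste of the "programming mistakes" the talk refers to, here is an added illustration that is not part of the talk's material or of bWAPP (which is written in PHP; Python is used here only because it runs with no setup). It shows, for two of the vulnerability classes named above, the defective pattern beside the corrected one: a login query built by pasting user input into the SQL text versus a parameterised query, and a greeting page that concatenates untrusted text into HTML versus one that escapes it. The `users` table, its rows and the probe strings are all constructed for the demonstration.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table (not from bWAPP)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    # The mistake: user input is interpolated into the SQL text, so the input
    # can change the *structure* of the query, not just the values compared.
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn, username, password):
    # The fix: placeholders. The driver passes the values separately from the
    # SQL text, so whatever the input contains is only ever compared as data.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


def greeting_vulnerable(name):
    # The mistake: untrusted text dropped into HTML unescaped (reflected XSS).
    return f"<p>Welcome, {name}!</p>"


def greeting_safe(name):
    # The fix: escape markup characters so the browser renders them as text.
    return f"<p>Welcome, {html.escape(name)}!</p>"


if __name__ == "__main__":
    conn = make_db()
    # Constructed probe: the textbook tautology that appears in any SQLi write-up.
    probe = "' OR '1'='1"
    print("vulnerable login:", login_vulnerable(conn, probe, probe))  # every user matches
    print("safe login:      ", login_safe(conn, probe, probe))        # no user matches
    tag = "<script>alert(1)</script>"
    print("vulnerable page: ", greeting_vulnerable(tag))
    print("safe page:       ", greeting_safe(tag))
```

Run it and the vulnerable login returns both users for a request that contains no valid password at all, while the parameterised version returns nothing; likewise the escaped greeting contains `&lt;script&gt;` where the unescaped one contains a live `<script>` tag. Both fixes are one-line changes, which is the point the talk makes: the defects are simple, and so are the corrections.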
This conference was held in the Information Security Workshop carried out by TigoUne.
The presentation can be hosted at your company’s facilities or an external venue.
The talk can be given in Medellín, with a minimum audience of 10 attendees. For other cities in Colombia, Central America, Ecuador and Perú the minimum audience is 20 attendees.
The event duration is 1 hour.
This talk is suitable for people with basic or limited technical knowledge. The audience limit is 30 attendees.