What could a hacker do to your web application? Lock all your users out of their accounts? Collect a list of every user’s email to spam them or lure them into a phishing scheme? Are your users’ passwords safe from theft? Could a simple brute force attack allow a hacker to log in as another user? Is your application’s database at risk of total compromise? Are supposedly secure sections of your app actually easily accessible to the public? Are your admin users at risk of having their sessions stolen and impersonated? Let’s get clear answers to these critical concerns.
This session leverages hacking techniques outlined in “The Web Application Hacker’s Handbook”. We will review a variety of best practices and potential pitfalls that are easy to overlook. We will discuss the top 10 most critical web app security issues and view their implications through real-time hacking of an insecure web application. And after we’ve seen how to hack, we’ll discuss how to defend our apps from the thugs.