Web Security Crash Course

Presenter: Scott Hand

Date: 8 Sept 2012

Description: This presentation covers basic attack techniques for compromising web applications, beginning with a brief background on web applications and HTTP. Vulnerabilities covered include parameter tampering, SQL injection, cross-site scripting, and cross-site request forgery, along with general tips on attacking web applications. There was a web CTF with new problems for the course, and a link to the source of the problems is provided below. All of them can be run from a typical LAMP server except for CommentSpace, which requires Ruby on Rails.