carlitoswhey29 / defcon-training

From Zero to Hero in Web Security Research - Def Con 29 Workshop

From ZERO To HERO In Web Security Research

by <CPR>

Web applications play a vital role in every modern organization. If your organization does not properly test and secure its web apps, adversaries can compromise these applications, damage business functionality, and steal data. Unfortunately, many organizations operate under the mistaken impression that a web application security scanner will reliably discover flaws in their systems.

Customers expect web applications to provide significant functionality and data access. Even beyond the importance of customer-facing web applications, internal web applications increasingly represent the most commonly used business tools within any organization. Unfortunately, there is no "patch Tuesday" for custom web applications, so major industry studies find that web application flaws play a major role in significant breaches and intrusions.

In this workshop we will teach you how to find web security vulnerabilities using the latest methods and techniques. We will demonstrate every vulnerability with an example from the vulnerabilities we have found in major tech companies such as Facebook, WhatsApp, Amazon, AliExpress, Snapchat, DJI, LG and more!

Prerequisites

  • node
  • MongoDB

Workshop Objectives

  • You will learn web vulnerability research based on our findings at Check Point Software Technologies.
  • We will show you everything from both the attacker's and the defender's perspective.
  • You will practice everything in a lab we built for Def Con 29.
  • You will learn how to chain Web Vulnerabilities to exploit modern applications.
  • Have Fun!

Instructions

  1. npm install
  2. rename the directory "git" to ".git" in the "public" folder
  3. start the challenge at: http://127.0.0.1:3000

Don't want to set it up?

Use our server at https://rzcyber.com, where we have hosted the lab for you.
