I created this presentation for two purposes: On the one hand it can be used as an ultra-compact introduction to Web Application Security. It is best combined with a live-demo, e.g. using my own Juice Shop vulnerable webapp.
On the other hand it turns out to be useful for refresher sessions, e.g. with former participants of my Web Application Security Training Workshop. Here I usually just walk through the presentation and afterwards let the participants have a hands-on-hacking-session on the Juice Shop for reinforcing their knowledge.
You can view or download the PDF version on Slideshare or you can view the original HTML-based presentation here:
This is the minified introduction talk to Web Application Security derived from my Training Workshop slides (https://de.slideshare.net/BjrnKimminich/web-application-security-21684264) – It gives a short motivation why Web Application Security is a high priority today and then goes through three of the most prominent vulnerabilities of web apps:
– SQL Injection
– Cross Site Scripting (XSS)
– Cross Site Request Forgery (CSRF)
It will be explained how each of these technically work, what damage they can cause and how to avoid them in your own applications. The talk concludes with a summary of existing measures to increase application security and explains why none of these is a 100% solution. To keep you on the topic for a while after the talk, a “hacking homework” is presented where a vulnerable local web shop is supposed to be hacked in various ways.
For a full-grown coverage of the topic feel free to check out my Web Application Security Training Workshop slide deck: https://de.slideshare.net/BjrnKimminich/web-application-security-21684264.
/!\ Performing attacks on any website or server you do not own yourself is a crime in most countries!