Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
 
View analytic
Wednesday, September 23 • 9:00am - 10:30am
Training (1 day): Hands-on Website Exploitation with Python

Sign up or log in to save this to your schedule and see who's attending!

This training will teach students how to conduct website assessments with Python. Students will learn the essentials of the python language and learn to create useful algorithms that perform various exploits through "other" tools like Nmap and through "custom" tools that perform password cracking, DOM modification, injections, and more. The capstone of the class is the development of a python based web application scanner and using it to assess some various broken web applications.

Students will perform the following tasks:
>>Quickstart basics of Python programming
>>Development of various scripts to perform: Network sniffing and exploitation (including one than integrates Nmap functions), DOM modification, Searching an Analysis, plugin grabber which integrates with "Exploit DB" (this includes the ability to store information for future or automated exploitation), Password cracking, SQL Injection, CSRF, XSS (including the automation of XSS identification), root exploitation, porting of various other scripts into Python (focus on ruby scripts)
>>Development of a custom Web Application scanner
>>Use of these new tools to attack various intentionally broken web apps, including a vulnerable shell-shock server

Who Should Take This Course?
This class does not require python experience and is encouraged for the un-seasoned pen-testers who want to learn this language and integrate it into their professional security testing.

What Should Students Bring?
Students should bring a laptop with Oracle virtualbox or VMplayer installed. Lecture material and lab exercises will be provided in electronic form.

Speakers
avatar for Michael Born

Michael Born

Security Consultant, Solutionary
I enjoy breaking into things more than defending, I love Python, can tolerate Ruby, and am always trying to improve at C and Assembly. My current security testing focus is network penetration testing, application penetration testing, and mobile application penetration testing.
avatar for Fred Donovan

Fred Donovan

Professor and Director of an MSCS program | Enjoy discussions on "hacking back" | Friend and brother to many


Wednesday September 23, 2015 9:00am - 10:30am
Pacific B