AppSecUSA 2015 has ended
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
Back To Schedule
Wednesday, September 23 • 11:00am - 12:30pm
Training (1 day): Hands-on Website Exploitation with Python

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

This training will teach students how to conduct website assessments with Python. Students will learn the essentials of the python language and learn to create useful algorithms that perform various exploits through "other" tools like Nmap and through "custom" tools that perform password cracking, DOM modification, injections, and more. The capstone of the class is the development of a python based web application scanner and using it to assess some various broken web applications.

Students will perform the following tasks:
>>Quickstart basics of Python programming
>>Development of various scripts to perform: Network sniffing and exploitation (including one than integrates Nmap functions), DOM modification, Searching an Analysis, plugin grabber which integrates with "Exploit DB" (this includes the ability to store information for future or automated exploitation), Password cracking, SQL Injection, CSRF, XSS (including the automation of XSS identification), root exploitation, porting of various other scripts into Python (focus on ruby scripts)
>>Development of a custom Web Application scanner
>>Use of these new tools to attack various intentionally broken web apps, including a vulnerable shell-shock server

Who Should Take This Course?
This class does not require python experience and is encouraged for the un-seasoned pen-testers who want to learn this language and integrate it into their professional security testing.

What Should Students Bring?
Students should bring a laptop with Oracle virtualbox or VMplayer installed. Lecture material and lab exercises will be provided in electronic form.

avatar for Michael Born

Michael Born

Senior Security Consultant, Threat Services, NTT Security (US), Inc.
I enjoy breaking into things more than defending, I love Python, can tolerate Ruby, and am always trying to improve at C and Assembly. My current security testing focus is network penetration testing, application penetration testing, mobile application penetration testing, and social... Read More →
avatar for Fred Donovan

Fred Donovan

Professor and Director of an MSCS program Enjoy discussions on "hacking back" Friend and brother to many

Wednesday September 23, 2015 11:00am - 12:30pm PDT
Pacific B