Attacking Websites for Educational Purposes Only
A talk from EMF 2018 by Andrejus Kostarevas
On Saturday September 1, 2018 at – in Stage A
Information security is a big deal nowadays as more and more people start to take their privacy online very seriously. But what's the point of protecting yourself if the web services you use are vulnerable to big scary hackers?
If you want to catch a glimpse of penetration testing, come along and learn about concepts such as discovering vulnerabilities, running through them, and exploiting and patching them.
This talk will be based around a university coursework project in which an older version of the web forum software "phpBB" is examined, exploited and patched. The technologies that phpBB was built on were quite simple, so the main focus of the talk will be the process of penetration testing.
Some of the topics covered will include sanitising user input, as well as enforcing file and variable scopes. You will familiarise yourself with concepts such as never trusting user input and get to see exploits such as cross-site scripting and remote code execution.
Lastly, we will wrap up by patching out these vulnerabilities and hopefully learn a thing or two about building more secure software.
Video
- View this video on media.ccc.de.
- View this video on YouTube.