Hands-On Web Application Security

Sunday 9:00 am to 12:30 pm, in Cabrillo 1
Intermediate

About This Tutorial

XSS, SQL injection and improper authorization, oh my! Between the OWASP Top 10, CSRF, session hijacking, and DDoS attacks, have you ever felt that the world of web security was too complex to understand? Do you find yourself wishing that you understood what those acronyms really translate to in a live web application?

If so, then this is the tutorial you’ve been waiting for. In this tutorial, we’ll cover essential topics in web security, including the majority of the OWASP Top 10, but we won’t be doing it in a theoretical manner. We’ll take a live, deliberately insecure web application, identify the vulnerabilities, exploit them, and finally fix them. Sound cool? It is!

Topics include the following:

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Cookies and how they can be abused
  • Why default passwords are dangerous
  • Improper authorization checking
  • Incorrect session management
  • SQL injection
  • How to abuse Pickle
  • And more!

We’ll also provide suggested resources for continuing your security education after you complete the tutorial.

While previous experience with Django is not required, it is recommended. You should have an understanding of how web applications work in general and have completed the official Django Tutorial or something substantially similar.

Presenters

Jacinda Shelly

Jacinda Shelly is the CTO at Doctor On Demand and mother of an incredible little girl named Ada. She’s been programming in Python for almost a decade now and loves how special the Python and Django communities have always felt. In addition to programming, Jacinda loves science fiction, staying fit, traveling the world and sharing stories with others.