Secure Application Development

Hands-on web security

Learning objectives

  • understand how current web technologies work,
  • receive an overview of the most important web vulnerabilities,
  • become familiar with web security tools for source code analysis and penetration testing,
  • master web security skills by gaining hands-on experience in exploiting and protecting web applications.

Overview

This practical web security module starts with a short, basic introduction to widely used web technologies. With the core mechanisms of these technologies in mind, an overview of web vulnerabilities is given and the most important ones are briefly discussed:

  • what are they?
  • how are they exploited?
  • what is their impact?
  • how to mitigate?

Next, a short overview of open-source web security tools to facilitate source code analysis, penetration testing and web application hardening is given.

Finally, the participants are guided in a hands-on security lab on exploiting and protecting vulnerable web applications.

Prerequisites

To fully benefit from this session, participants are advised to bring a laptop that has WebGoat 5.1 and WebScarab installed.

WebGoat 5.1 (unzip, click and run edition) can be downloaded from Google Code.

The latest version of WebGoat runs on privileged ports, so participants need administrator/root rights on their laptop.

More detailed installation instructions can be found at Google Code and OWASP.

For more information on WebGoat consult the WebGoat project home.

WebScarab can be downloaded from the OWASP WebScarab project download page.

There is more information on the WebScarab project on the OWASP WebScarab project pages.

PDF slides