Attacking DVNA (Damn Vulnerable NodeJS Application) null Bangalore Humla 30 June 2018 Attacking DVNA (Damn Vulnerable NodeJS Application)
Abstract
Attacking DVNA (Damn Vulnerable NodeJS Application)
The objective of the workshop is to provide hands-on experience in exploiting vulnerabilities while providing an opportunity to understand the cause and fixes for the vulnerabilities. We will be using Glitch, an easy to use online platform, to play around with an individual instance of DVNA for each participant.
Plan for the workshop
- Hands-on practice of exploiting vulnerabilities in DVNA using Glitch to run the target web application
- Understanding the cause of vulnerabilities
- Fixing / Discussing fixes for vulnerabilities
Depending on the pace of the workshop, I aim to cover most of the following vulnerabilities
- SQL and command Injection
- Broken Authentication
- Sensitive Data Exposure
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Using Components with Known Vulnerabilities
- Cross Site Request Forgery
- Unvalidated Redirects and Forwards
Requirements
- We will be using Glitch to play around with our own individual app. So Internet connectivity is a must. Students must be able to tether their mobile/portable hotspot for internet access.
- Basic understanding of OWASP Top 10 and some prior development experience.
- Students must have Burp Suite Community / Pro setup on their laptop.
Speaker
Timing
Starts at Saturday June 30 2018, 09:00 AM. The sessions runs for about 9 hours.