Abstract

In this session Ravikumar will explain the following topics.

What technologies are hackers working on?
Favorite targets of Hackers
Difference between VA & PT
Calculate CVSS 4
Risk Matrix
Case Study to understand web application security testing approach
Common methods of identifying vulnerabilities

OWASP Top 10 2021
11th Category of OWASP
=> Code Quality issues
=> Denial of Service
=> Memory Management Errors

Also cover following issues
=> Path Traversal
=> Sensitive Information Exposure
=> Improper Access control and Authorization
=> Forced browsing
=> Confused Deputy
=> Inclusion of sensitive info in source code

=> Open redirect
=> Exposure of WSDL file containing sensitive info
=> Missing or incorrect authorization and authentication
=> SameSite Attributes
=> Weak Encoding + hardcoded cryptographic keys
=> Reversible one-way hash
=> Use of one-way hash without salt
=> 10+ cryptographic issues
=> Argument Injection
=> OS command Injection
=> LDAP Injection
=> Static code injection
=> HTTP response splitting
=> Eval Injection
=> XPath Injection
=> HQL Injection [ORM Injection]
=> XQuery Injection
=> Expression language Injection
=> SSI Injection
=> CRLF Injection
=> Business Logic Errors [Architecture related issues]
=> ASP.NET debug binary issue
=> XXE
=> Cookie Attributes best practices
=> Authentication bypass
=> Capture-replay
=> Missing critical step in Auth
=> Lockout issues
=> Download code without integrity
=> Deserialisation bugs
=> Logging issues
=> SSRF

++ Q&A session

Speaker

_RaviRamesh

Ravikumar is Head of Professional Services at Net Square, providing cutting-edge information security services to clients around the globe. He has an M.C.A. from UTU University. His work in bug hunting and responsible disclosure has earned him a place in the Hall of Fame for Google, Microsoft, Apple, Oracle, and many more. He has been performing web application, iOS and Android pentests and leads Net Square’s professional services team.

Timing

Starts on Saturday October 28 2023, 10:00 AM. The session runs for about 2 hours.

Resources