Web Application Hacking, Offensive Approach to Web Application Security #2 (powered by OWASP Juice-Shop and OWASP ZAP)
Security becomes one of the most desired attributes of modern web applications. Security testing is a major milestone that needs to ensure the applications security. Despite this fact for many developers and testers security is black art. Truth be told, developers can’t write secure applications unless they know how to attack them. Testers without basic web application hacking knowledge lack also an important skill for doing a proper quality assurance. Consider this training as the first step you can take in the world of web application security. Learn the purpose of using a proxy tool like OWASP ZAP to support you at your work. Craft your skills by breaking through defences of a specially developed application OWASP Juice Shop in virtualized environment on your own notebook. Learn security the practical way.
Maximum number of participants: 20
Preliminary requirements for participants: Basic HTTP protocol knowledge, basic relational database knowledge, basic application session handling knowledge, weaknesses and vulnerabilities of web applications (based on e.g. OWASP Top 10, basic).
- Remember to bring your own device with power adapter! Anything with Windows, Linux will (most probably) do
- Install OWASP ZAP https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
- Install Oracle VirtualBox https://www.virtualbox.org/
- At least 5GB of free space for virtual machine
- Download virtual machine
There is absolutely no need to give the machine internet access, so you will do perfectly fine by running the machine in a host-only network. If you don’t know how to configure such thing in VirtualBox – don’t worry. It will be one of the first things we will show on the workshop. Still, you might want to install the tools before the workshop to simply save time.