2024-11-21, Room of Requirement
As an introduction to web application security through Python, this training session aims to give attendees the tools to understand the most common security vulnerabilities faced by web applications as well as how to fix them.
This training aims to introduce attendees to common web application vulnerabilities in a hands-on format. The workshop uses a deliberately vulnerable Flask website to demonstrate vulnerabilities from the OWASP Top 10, along with other common issues I've encountered throughout my career.
Each vulnerability covered will be presented in roughly the following format:
- An introduction to the issue at a high level. This will cover things such as what the issue is, potential impact to applications and how to test for it in your own applications.
- Hands-on hacking, where each attendee attempts to exploit the issue in the vulnerable Flask application. Experienced helpers will be on hand to walk you through exploiting each issue.
Time permitting, we will also aim to complete the following steps for each issue:
- After exploiting the issue, we will discuss mitigations and ways to fix it in your own applications.
- Attendees can then fix the issue in a local copy of the vulnerable site and verify their fix, with experienced helpers on hand to assist.
This workshop will also introduce attendees to tooling for exploiting vulnerabilities, as well as Python tooling that helps prevent those vulnerabilities in the first place.
Participants will require the following:
- A laptop to use throughout the workshop.
- The ability to run Burp Suite Community Edition. It is free, and we will teach you what you need to know about how it is used in the workshop on the day.
- An internet connection to receive the lab files. A requirements file and source code will be provided on the day.
Ethan McKee-Harris, aka Skelmis, is a security consultant by trade. He spends his days hacking web applications and bypassing voice authentication systems. Beyond that, Ethan is an avid open source developer with experience on both sides of the metaphorical 'security fence'.