Hey @danielbilling, we’ve run your workshop at a few TestBash events now. The demand is always high!
I’m wondering what are the top three questions you see asked at the workshops? Without giving too much away about your workshop “Web Application Security: A Hands-on Testing Challenge”, how do you answer these?
The questions I normally get are usually centred around the techniques of security testing. Things like “How does SQL Injection work?”, or “How do you find security issues in an API?”, or “What is Cross Site Scripting?” As you don’t want me to spoil the workshop, I’ll say this.
We answer the questions through practising those techniques. We explore the major vulnerabilities (the new OWASP Top 10 was released last year), we look at how social engineering can be used to discover useful information, and we attempt to breach a vulnerable website using those very techniques.
I think the best way of understanding the implications of security issues in software is simply to practice finding those kinds of problems. By doing that, it allows you to understand the impact of vulnerabilities, and how potentially serious security issues are. We will be looking at how to breach user credentials, modify application and user data, and even undermine an entire application to effect a denial of service. All good fun.