From Dev to Defense: Understanding Server-Side Vulnerabilities

YOW! Sydney 2024

This intensive one-day masterclass bridges the gap between developers and hackers, offering a deep dive into server-side vulnerabilities from an adversarial perspective. Tailored for developers eager to learn more about how to secure their application, this master course provides an insight into the hacker's methodology. Participants will gain hands-on experience on exploiting server-side vulnerabilities through example web applications and different services.

Learning Objectives

By the end of this intensive one-day masterclass, participants will be able to:

1. Exploit SSRF Vulnerabilities Like a Hacker: Demonstrate the ability to identify and leverage Server-Side Request Forgery vulnerabilities in web applications, gaining unauthorized access to internal resources and manipulating server-side operations.
2. Execute Advanced Remote Command Injection Attacks: Craft and deploy sophisticated Remote Code Execution payloads across various platforms, understanding how seemingly innocuous input can be weaponized to take control of server systems.
3. Weaponize XXE for Data Exfiltration: Manipulate XML parsing processes to execute XML External Entity attacks, extracting sensitive data and compromising system integrity through real-world scenarios.
4. Art of SQL Injection: Perform SQL Injection techniques to bypass authentication, extract database contents, and manipulate backend data, gaining a deep understanding of how attackers exploit poor input sanitization.
5. Exploit DevOps Tools for Maximum Impact: Identify and leverage common misconfigurations in DevOps infrastructure, including GitLab, Jenkins, and other CI/CD tools, to gain unauthorized access, extract sensitive information, and potentially achieve full system compromise.

Target Audience

• Tech Leads
• Software Engineers
• Security Analysts
• Ethical Hackers
• DevOps Engineers
• Cloud Architects

Prerequisites & Equipment

• A working laptop with wifi/internet capabilities for remote desktop access
• A high level understanding of web technologies including HTTP requests, DNS queries, and basic TCP/IP