The workshop will cover the following:
Background and Trends: The workshop will briefly describe how the security landscape is shaping up and provide data on emerging trends in security vulnerabilities, their cause and effect.
Architectural Overview: The workshop will cover common architectural constructs in web applications. It will provide a basic tutorial on HTTP and scripting, covering common techniques such as how sessions are handled, how parameters are passed back to the server and how they are processed.
Tools: The workshop will instruct the students on how to use tools to inspect and alter HTTP traffic, with the aim of understanding various vulnerabilities.
Credential theft: The workshop will describe techniques that are used to steal valid credentials to impersonate an authentic user. The workshop will cover common development errors that cause this condition and techniques for their mitigation.
Information Leakage: The workshop will describe conditions that lead to leakage of sensitive information because of common coding and deployment errors. It will also describe how this information can be misused to perform more malicious attacks.
Social Engineering Attacks: The proliferation of new forms of communication like social networking sites, blogging and instant messaging has opened up new media for propagating attacks that can lead to the above-mentioned vulnerabilities.
Disclaimer: The workshop will describe techniques and tools with the intention of educating the attendees on various security vulnerabilities and how to prevent them. To achieve this, it is important to know certain techniques and tools that may have a dual purpose, and may be used for malicious purposes. In certain circles this may be interpreted as "hacking". This workshop is in no way intended to be a "hacking" tutorial with malicious intent.
The speakers, Techfest and G.S. Lab are in no way responsible for any incident that is caused by the intentional or unintentional use of these techniques and tools. Neither the speakers nor Techfest and G.S. Lab accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.