Playlist "Electromagnetic Field 2018"

Attacking Websites for Educational Purposes Only

Andrejus Kostarevas

Information security is a big deal nowadays as more and more people start to take their privacy online very seriously. But what's the point of protecting yourself if the web services you use are vulnerable to big scary hackers?

If you want to catch a glimpse of penetration testing, come along and learn about concepts such as discovering vulnerabilities, running through them, exploiting and patching them.

This talk will be based around a university coursework project in which an older version of the web forum software "phpBB" is examined, exploited and patched. The technologies that phpBB was built on were quite simple, so the main focus of the talk will be the process of penetration testing.

Some of the topics covered will include sanitising user input, as well as enforcing file and variable scopes. You will familiarise yourself with concepts such as never trusting user input and get to see exploits such as cross-site scripting and remote code execution.

Lastly, we will wrap up by patching out these vulnerabilities and hopefully learn a thing or two about building more secure software.