• Comparing web app sec to host / network security
• Web Application Security Newsmakers
• Cross-site-scripting
• XSS Proxy
• SQL Injection
• SQL Injection “spot” techniques
• Nasty SQL Injections
• Blind SQL Injection
• Testing ACLs with param manip
• Web Telnet: Something fun for WebDav Uploads
• Bad Extension source disclosures
• Managing web app sec
• Contributing factors to the problem
• Approach to web app sec programs
• Why the C&A process fails web app sec

Web Application Development “Truisms”

• Web applications are software
• Multi-billion dollar software companies inadvertently create a massive number of vulnerabilities in their software
• Your web developers have a lot less training and resources than software companies do.
• Development standards emphasize functionality, not security
• C-Levels understand other topics better – IDS / IPS, patches
• Web App dev not approached as engineering