Wednesday, January 28 • 11:30am - 12:30pm
Hackazon - Stop hacking like its 1999


Applications have changed, but your test apps haven't!
It's about time for a test app that's a little more current than circa 2002. Enter Hackazon.

Hackazon is a modern vulnerable web application. It looks like an online storefront with a modern AJAX interface, strict workflows and RESTful APIs used by a companion mobile app. And it's here to replace the old Web 1.0 test apps (WebGoat, DVWA, Hackme Bank and Hackme Casino) that no longer mirror the applications we see in the wild. Will your application security scanner successfully test this site? Doubt it! Even manual pen testers will have their hands full testing their skills against it.

There are vulnerabilities scattered throughout Hackazon, and each vulnerable area is configurable so that users can change the vulnerability landscape to prevent “known vuln testing” or any other form of cheating. Finding all the vulnerabilities in Hackazon requires proper handling of not only classic web security but also the RESTful interface formats that power AJAX functionality and mobile clients (JSON, XML, GWT, and AMF). It also requires tedious testing of the strict workflows common in today's business applications.

Hackazon is an open source application that will ultimately be contributed to OWASP to be included with the other vulnerable test applications.

Join Dan for this talk where he will demonstrate Hackazon and the techniques required to find the vulnerabilities in the different interfaces and formats.

Speakers

Dan Kuykendall

co-CEO and CTO, NT OBJECTives
Dan has been with NTO for more than 10 years and is responsible for the strategic direction and development of products and services. He also works closely with technology partners to make sure our integrations are both deep and valuable. As a result of Dan’s dedication to security, technology innovation and software development, NTO application security scanning software is often recognized as the most...


Wednesday January 28, 2015 11:30am - 12:30pm
Annenberg Community Beach House: Track 3, 415 Pacific Coast Hwy, Santa Monica, CA 90402
