Are there things about your software that keep you up at night? Is the security of your application and the servers it’s running on one of those things? If you answered yes, this talk is for you. If you answered no, this talk is a must! Join Aaron as he introduces you to several methods of quickly learning the basic skills needed to assess the security of a web application and the server(s) that it runs on. You will explore common mistakes made in software development as well as common misconfigurations on servers that lead to their eventual demise.
In this session you will be introduced to WebGoat, a project by OWASP that teaches basic web application hacking techniques through exploration and challenges. You will have the ability to work through a few of the labs as a group and arm yourselves with some new skills. You will learn the basic techniques for port scanning and service identification, and how to spot potential weaknesses in server configurations without setting off any alarm bells. After some basic training you will be given a challenge as a group to deface a simple web application running on a virtual machine during the talk.