Bootcamp #4: Web Attacks and SSL / TLS
Reading List:
OWASP Top 10 Web Attacks for 2013
SQL Injection
Session Management Issues
SSL/TLS Best Practices
SSL Bad Versions and Weak Ciphers
Modern Attacks: BEAST, CRIME, RC4
Certificate Authorities
Video Supplement:
Moxie on attacking SSL
Moxie on Certificate Authorities
Hands On:
Run SSLyze against your Samurai server.
Run SSL Labs against https://www.pentesterlab.com
Familiarize yourself with SSLStrip and how it works.
Programming:
Write an SSL client using an HTTP library in your preferred language.
Write an SSL client using a socket in your preferred language.
Working with OpenSSL