Tech Tuesday Workshop – Deep Dive into SSRF and Insecure Deserialization Vulnerabilities

  • Webcast Aired Tuesday, 25 May 2021 1:00PM EDT (25 May 2021 17:00 UTC)
  • Speaker: Bojan Zdrnja

In this workshop we will quickly go through the OWASP Top 10 list of vulnerabilities. We'll discuss each category and will then dive into two labs where we will hack web applications by identifying a few simpler vulnerabilities that, when chained together, will lead to us compromising the application completely.

Specifically, we will cover Server-side Request Forgery (SSRF) vulnerabilities as well as Insecure Deserialization vulnerabilities - both of these categories of vulnerabilities will be exploited during the workshop by chaining them with some low hanging fruit (without which, it would be maybe even impossible to identify them).

Prerequisites: Familiarity with Burp suite

System Requirements:

Prior to the workshop participants should prepare the following

Download and install the workshop VM: https://sansurl.com/web-app-te...

username student

password Security542

A host system with at least 8 GB of RAM and 20-30 GB of free disk space

VMware Workstation Pro, VMware Workstation Player, or VMware Fusion installed

*Please note that this WILL NOT be recorded. Due to the hands-on nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.