Offensive HTML, SVG, CSS and other Browser-Evil

Thu, 12.11.2015, 09:30 (CET) - Fri, 13.11.2015, 18:30 (CET)
Deutsche Post E-Post Development GmbH, Berlin, Germany

€ 1.500,00

Available seats: 16

We are happy to announce that our popular training event is being offered in Germany this November! This two-day training will be given by Dr.-Ing. Mario Heiderich and held in the heart of Berlin. This is a highly recommended event for penetration testers and security developers, giving you insights on countless tricks and techniques of exploiting the (seemingly) unexploitable! We will cover a great range of modern website bugs and teach you how to make sure that these issues get fixed properly and smoothly.

When will it happen?
12th - 13th of November 2015 (ICS File)

Where is it taking place?
Ehrenbergstraße 14, 10245 Berlin, Germany (Google Maps)

How many people can take part?
We have 17 seats available (of the overall 20 participants)

How much is it?
EUR 1.500,00 € (including breakfasts, lunches and afternoon beers, extra VAT when applicable)

How do I register?
Please contact Paula (paula@cure53.de, PGP is available)
Click here for a contact template

Sample Slides
Click here for a 9-slide PDF

What else can you tell me about the location?

The training will be delivered on the premises of the Deutsche Post E-Post Development GmbH, specifically the "Tanzsaal" room. Once you register, we will send you all necessary information. We are happy to assist you with travel booking, accommodation arrangements and other matters as requested. On both days you will be able to enjoy lunch and afternoon beers in your trainer’s company as part of our workshop registration package. You can be sure that we’ll take you to Berlin's nicest spots in the Friedrichshain district. Think excellent burgers, top-notch pizza and amazing bars!

What will I learn and how?

The event takes a hands-on approach, so you need to bring your laptop along. To get a better idea about the contents of the two-day training, please read the abstract below.

The Abstract

More and more web applications delegate business logic to the client. HTML.next, JavaScript, SVG, Canvas, ES6, AngularJS and ReactJS are just some terms that describe the contents of the modern web stack. But what does the attack surface look like for those? What if there are no more GET parameters for our scanners to tamper with? What can we do when the server just delivers raw data and the rest is done by the browser? In this sense, you are likely to hear that classic web-pentests are “so terribly 1990s”. As expected, keeping up with the pace of progress is getting more and more difficult.

But of course there is hope! The focus of this workshop is on the offensive and dangerous parts of HTML, JavaScript and related technologies, the nasty and undocumented stuff, dozens of new attack techniques straight from the laboratory of horrors shared by those maintaining the HTML5 Security Cheatsheet and the DOMPurify Project. We’ll learn how to attack any web-application with either unknown legacy features, or the half-baked results coming to your browser from the labs of W3C, WHATWG and the ES6 mailing lists.

Whether you want to attack modern web applications or shiny browser extensions and Chrome Packaged Apps, we got you covered. No matter if you work for or against the security of modern web applications, you will surely enjoy our event and benefit from this workshop tremendously. A bit of knowledge on HTML and JavaScript is required, but rookies and rocket scientists will be equally satisfied.

Just like HTML is a living standard, so is this workshop. The course materials will not only be provided on-site and via access to a private GitHub, but also available to attendees as updates months after the actual training. All participants are granted perpetual access to the ever-updated slides and material.

The Trainer

Dr.-Ing. Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) “security researcher” is from Berlin, likes everything between lesser- and greater-than, leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees on various 5th-tier conferences with his hastily assembled PowerPoint slides. Other than that, Mario is a very simple person and only parses three-word sentences, so don’t even bother addressing him with complex topics or rhetorics.
