How hacking works - Web edition - Espen Sande-Larsen - NDC Oslo 2024
Learn how hackers exploit web vulnerabilities, explore different hacking approaches, and discover key security considerations to protect your applications with Espen Sande-Larsen.
CTFs (Capture The Flag) are engaging competitions that help develop offensive security skills and security awareness while learning in a safe, legal environment.
Different types of hackers are classified by “hat colors”:
- Black hats: Malicious attackers
- White hats: Ethical hackers/security researchers
- Grey hats: Operating in between, sometimes breaking rules but not malicious
- Blue hats: Zero-day vulnerability hunters hired by corporations
Modern web vulnerabilities have become more critical than the traditional exploit classes:
- Cross-site scripting
- Template poisoning
- Broken authentication
- Third-party dependencies
- Supply chain attacks
Common exploit categories include:
- Buffer overflows/stack smashing
- Return-oriented programming (ROP)
- Cryptography attacks
- Forensics/log analysis
- Reverse engineering
Organizations like OWASP help manage and track vulnerabilities:
- Maintain vulnerability databases (CVE)
- Publish security guidelines
- Create training resources like Juice Shop
- Track critical security risks
Key security considerations:
- Don’t blindly trust third-party code
- Test applications from an offensive mindset
- Consider security during design phase
- Keep up with new vulnerability types
- Validate all inputs thoroughly
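As an added example (not part of the talk or this summary), the following JavaScript ties together two of the web points above, cross-site scripting and thorough input validation: a template that concatenates untrusted input straight into markup, the same template with contextual HTML encoding applied, and an allowlist validator for a username field. The function names, the validation rule and the sample input are all constructed for this illustration.

```javascript
// Added example, not from the talk: contextual output encoding plus
// allowlist input validation, the two controls most directly aimed at
// cross-site scripting.

// Characters with special meaning in HTML text and quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for insertion into an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: untrusted input concatenated into markup unchanged,
// so the browser parses whatever tags the input contains.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened pattern: the same template, but the untrusted value is encoded
// for the context it lands in, so it is rendered as literal text.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Allowlist validation for a username field (constructed rule): accept only
// the characters the application actually needs, within a length bound.
// Validation narrows the input; encoding still protects the output.
function isValidUsername(value) {
  return typeof value === 'string' && /^[A-Za-z0-9_.-]{1,32}$/.test(value);
}

// Crude check used only to compare the two renderers: after removing our
// own <p> wrapper, does any raw tag remain in the markup?
function containsUnexpectedTag(html) {
  const inner = html.replace(/^<p>/, '').replace(/<\/p>$/, '');
  return /<[A-Za-z]/.test(inner);
}

// Constructed sample input standing in for a user-controlled field.
const HOSTILE_NAME = '<script>alert("xss")</script>';

// Run both renderers and the validator over the sample input and report
// what each one did with it.
function demo() {
  const unsafe = renderGreetingUnsafe(HOSTILE_NAME);
  const safe = renderGreetingSafe(HOSTILE_NAME);
  return {
    unsafeHasTag: containsUnexpectedTag(unsafe),   // true: markup injected
    safeHasTag: containsUnexpectedTag(safe),       // false: shown as text
    validationRejects: !isValidUsername(HOSTILE_NAME),
    validationAccepts: isValidUsername('espen_01'),
  };
}

console.log(demo());
```

The point of keeping both controls is that they fail independently: a field that legitimately needs characters such as `<` or `'` (a comment box, a display name) cannot be protected by an allowlist alone, while a field as narrow as a username should still be rejected early rather than relying on every render path to encode correctly.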
Learning resources available:
- HackTheBox
- TryHackMe
- PicoCTF
- CTF competitions at security conferences
- OWASP training materials