App Security and Penetration Testing Masterclass

Tom sits, tapping away at his keyboard; his monitor resembles something from the Matrix. All of a sudden, “[Access Granted]” flashes on the screen and Tom, unbeknownst to the bankers and its users, now has access to every customer’s details. A security breach of overwhelming proportions is now on our hands; and it all happened from within Canterbury Christ Church University’s Invicta building.

App Security Masterclass

Nick Murison from Cigital presents to students

This scenario may sound like something from a Hollywood movie, but it’s precisely what our students from the second and third years did under the watchful eyes of Nick Murison and Alexander Evans from Cigital. Of course, the bank was fictitious, but the attacks were very real and could pose serious problems to everyone concerned.

To facilitate the exercises, students used a wide range of exploitation-techniques, including XSS (Cross-Site Scripting), SQL Injection and Software Exploitation. Not only were students introduced to such techniques and how they can be applied, but also why these vulnerabilities exist to begin with and the ways in which they can be prevented by applying Application Security knowledge. In fact, a main focus of the presentation was about common software-engineering mistakes and how to best avoid them using, for example, Cigital’s own Seven Pernicious Kingdoms. Additionally, students were introduced to the various legal and ethical issues in the field of Penetration Testing and the procedures that must be followed in order to safeguard the client as well as the tester.

Overall the students enjoyed a four hour long lesson and we would be delighted to have Nick and Alex with us again at some point in the near future.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s