Marek Puchalski

Web application developer and security architect at Capgemini. Involved with the automotive industry for 11 years and with web application security for 7 years. Clean coder. Fascinated by everything related to information security, application security and the lack of security. Member of the OWASP organization.

Workshop organized by Capgemini – Web Application Hacking, Offensive Approach to Web Application Security

Security is becoming one of the most desired attributes of modern web applications. Security testing is a major milestone that needs to ensure the application's security. Despite this fact, for many developers and testers security is a black art. Truth be told, developers can't write secure applications unless they know how to attack them. Testers without basic web application hacking knowledge also lack an important skill for doing proper quality assurance. Consider this training the first step you can take into the world of web application security. Learn the purpose of using a proxy tool like OWASP ZAP to support you in your work. Craft your skills by breaking through the defenses of a specially developed application in a virtualized environment on your own notebook. Learn security the practical way.

Required knowledge:

  • HTTP protocol (basic)
  • Environment virtualization (VirtualBox, basic)
  • Weaknesses and vulnerabilities of web applications (based on e.g. OWASP Top 10, basic)


  1. Remember to bring your own device! Anything running Windows or Linux will (most probably) do.
  2. Install OWASP ZAP.
  3. Install Oracle VirtualBox.
  4. Download and import the machine image we have created. The checksums are MD5: 3AE84EE66CA334D4001FFA966404639B and SHA1: 5F2F417995D8D52C4C58AD13C07C0B8EA9C8547E

There is absolutely no need to give the machine internet access, so you will do perfectly fine by running the machine in a host-only network. If you don't know how to configure such a thing in VirtualBox, don't worry: it will be one of the first things we show at the workshop. Still, you might want to install the tools and the image before the workshop to simply save time.
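The preparation steps above (check the downloaded image against the published checksums, import it into VirtualBox, keep it on a host-only network) as an added script; this is not part of the workshop materials. The image file name, the VM name and the host-only adapter name (`vboxnet0`) are assumptions, only the two expected digests come from the page.

```shell
#!/bin/sh
# Added example, not the workshop's own code. Verifies the downloaded VM image
# against the checksums published on the page and only then imports it into
# VirtualBox bound to a host-only adapter. IMAGE, the VM name "owasp-workshop"
# and the adapter name "vboxnet0" are assumptions; adjust them to your setup.

IMAGE="${1:-workshop-image.ova}"   # assumed file name of the downloaded image
EXPECTED_MD5="3AE84EE66CA334D4001FFA966404639B"
EXPECTED_SHA1="5F2F417995D8D52C4C58AD13C07C0B8EA9C8547E"

# digest FILE ALGO -> lowercase hex digest; ALGO is md5 or sha1.
# Uses md5sum/sha1sum when present, otherwise falls back to openssl.
digest() {
  if command -v "$2sum" >/dev/null 2>&1; then
    "$2sum" "$1" | cut -d' ' -f1
  else
    openssl dgst "-$2" "$1" | awk '{print $NF}'
  fi | tr 'A-F' 'a-f'
}

# verify_image FILE MD5 SHA1 -> returns 0 only when the file exists and
# BOTH digests match the expected values (comparison is case-insensitive).
verify_image() {
  file="$1"
  want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  want_sha1=$(printf '%s' "$3" | tr 'A-F' 'a-f')
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
  got_md5=$(digest "$file" md5)
  got_sha1=$(digest "$file" sha1)
  [ "$got_md5" = "$want_md5" ] || { echo "MD5 mismatch: $got_md5" >&2; return 1; }
  [ "$got_sha1" = "$want_sha1" ] || { echo "SHA1 mismatch: $got_sha1" >&2; return 1; }
  return 0
}

# import_vm FILE VMNAME -> import the appliance and put its first NIC on a
# host-only adapter so the machine never gets internet access.
import_vm() {
  VBoxManage import "$1" --vsys 0 --vmname "$2" &&
  VBoxManage modifyvm "$2" --nic1 hostonly --hostonlyadapter1 vboxnet0
}

# The import only runs when explicitly requested, e.g.:
#   RUN_IMPORT=1 sh import-image.sh workshop-image.ova
if [ "${RUN_IMPORT:-0}" = "1" ]; then
  verify_image "$IMAGE" "$EXPECTED_MD5" "$EXPECTED_SHA1" && import_vm "$IMAGE" "owasp-workshop"
fi
```

Matching both digests detects a corrupted or truncated download; neither MD5 nor SHA1 is collision-resistant, so take the expected values from the workshop page itself rather than from the download location.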

The machine is lightweight. It will not eat too many resources. Oh, and you will not get any credentials to access the machine. The idea is to get shell access by exploiting some application vulnerabilities in the first place. 🙂

Presentation language: Polish or English

Attendee level: intermediate