Workshop 2: SQL Injection & Cross-Site Scripting

As we return to Standard Time in Canada, our next workshop is slowly approaching on Friday, November 8th.

Smashing the Web is our next workshop, led by Spencer Lee on Friday, November 8. This workshop will cover SQL injection (SQLi) and cross-site scripting (XSS), spanning introductory examples to complex real-world problems.

Software and Hardware:

You will need the following ready and running for the workshop:

  • A laptop with Linux running natively or in a virtual machine
    • The Linux host or VM will also need to have docker and docker-compose installed as well as any web browser (Firefox, Chrome, etc.)

For simplicity, we’ve created the following VMware virtual machine image. It is pre-loaded with all the tools you need. Please download it BEFORE the workshop (it’s ~3.9G!). We will be going over how to load it into VMware during the workshop (so please make sure you have VMware Player or VMware Workstation installed by then).

Download Link to Virtual Machine: https://drive.google.com/file/d/1g9y8fhZ5a-Qsz7HHxsAcDRNNRqCl-MWE/view?usp=sharing

Our rough guide for the entire workshop is as follows:

First half – SQL

  • Intro to basic SQL
  • Minimal PHP syntax coverage
  • Overview of injecting SQL into <input> tags
    • four login examples
    • two search bar examples

Second half – XSS

  • Installing local website with docker (GitHub link will be provided)
  • Overview of XSS scripting
  • Introduction to Basic JavaScript
  • XSS demonstration
  • Using the local web server
    • we’ll practice many different XSS attacks in partners

Last but not least, here are some take-home resources to read up on both before and after the workshop.
Take Home Resources:
https://portswigger.net/web-security/sql-injection
https://portswigger.net/web-security/cross-site-scripting

November Meeting and Git

Hello everyone. I hope the last few weeks haven’t been too tiring because our first workshop is coming up soon. Our next meeting is on November 1st, 2019 and will consist of a 20-minute news roundup with Nick, then a Git workshop until 9:30 with Adam Burek in J102.

This workshop has been designed with the following points in mind:

  • Beginner Friendly
  • Provide an overview of Git and GitHub
    • What is it and why is it useful?
    • Why is it useful for us?
  • Provide context for using this in our program classes/assignments

Hardware and Software Requirements:

Please download the installers or ask for help with obtaining the installers as the workshop will also cover installation. As virtual machine images take a long time to download, please have at least these prepared for the workshop.

For any questions about the requirements and/or what to expect, you may contact @Louai or @AdamB directly on our Discord server! That’s it folks! We are so excited for this workshop and we hope you are too!

Workshop Schedule and more!

The ISSessions club is proud to announce that we have planned out our workshop schedule for the Fall term. Many thanks to our volunteer hosts for each workshop, as these would not be happening without you. The schedule is as follows:

  • Meeting + Mini-Workshop: An Intro to Git – Friday, November 1, 7:00PM-9:30PM By Adam Burek
  • Smashing the Web: SQL Injection & Cross-Site Scripting – Friday, November 8, 7:00PM-9:30PM By Spencer Lee
  • Beware the Malware: A Gentle Introduction To Malware Analysis Series #1 – Wednesday, November 13, 7:00PM-9:30PM By Jason Hong and Ken Onuralp
  • An Intro to Red Teaming – Saturday, November 23, 9:30AM-5:30PM By Benjamin Maher, Director of Advisory, Security Compass
  • Beware the Malware: A Gentle Introduction To Malware Analysis Series #2 – Wednesday, November 27, 7:00PM-9:30PM By Jason Hong and Ken Onuralp

Next semester, we will have more workshops on Assembly, Lockpicking, Soldering, and so much more!!

Don’t forget: we will still be having meetings on Nov 15 and Nov 29.