day1.md

Establish context: demonstrate current state of applicaiton security and its effect on technology and economy

Massive data breaches

• http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
• NotPetya losses estimate (FedEx+Maersk=600kk alone, ~2kkk globally)

Personal data and password breaches

• https://haveibeenpwned.com
• https://haveibeenpwned.com/Passwords
• Threat analysis sneak peek: API and k-anonymity

Software vulnerabilities

• https://nvd.nist.gov
• https://nvd.nist.gov/general/visualizations/vulnerability-visualizations/cwe-over-time

Walk through the OWASP Top 10 appsec risks

• https://www.owasp.org/index.php/Top_10-2017_Top_10
• https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
• Methodology overview
• Vulnerability examples by class

Practice: demonstrate attack narratives that use typical vulnerabilities in web-applications

• Burp Suite
• Hack Me
• DVWA DVWA in Docker
• XSS Hunter