Dear Visitors,

We are so sorry to inform you, that due to his military duties, Muhammed Bassem was refused to leave his country however he has his VISA and flight ticket to Budapest. Because of this unfortunate turn of event, we must cancel the Web Application Penetration Testing Workshop.

We asked Dániel Szpisják, to jump in and help us out, so he will hold his ‘XSS Defense in depth’ workshop at #BSidesBUD2018. You can find the description of his workshop below:

XSS is still one of the most dominant vulnerabilities of the web. Since its discovery, quite a few countermeasures have been invented. During this workshop, you will learn techniques to combat XSS. I will introduce you to the concept of defense in depth, also known as the castle approach. We will take a look at various defense mechanisms step-by-step, examining their pros and cons as well as their limitations. The hands-on part of the workshop is organized into modules. First, we will try to prevent the XSS payload from reaching the browser intact. Second, we will take a look at what to do if our attempts in the first step failed. Lastly, we will discuss how to combine these practices to achieve true defense in depth. The hands-on part of the workshop requires git, Docker, a text editor and a modern browser.

We are so sorry for this schedule change and hope that you will find the new workshop interesting & useful too. People who are registered for Muhammed’s session are still registered for the session of Dániels, so if you do not want to attend the XSS defense workshop, please cancel your registration.

Here is the final list of workshop sessions:

• 09:05 – 11:05 / Gábor Pék: Hands-on secure software development from design to deploy
• 11:20 – 13:20 / Dániel Szpisják: XSS Defense in depth
• 13:35 – 15:30 / Éva Szilágyi & Dávid Szili: Introduction to Bro network security monitor
• 15:50 – 17:35 / Zoltán Abonyi: BadUSB with Arduino

(Please note that workshop registration is only available for ticket owners.)

See you on Thursday!
BSidesBUD Crew