SANSFire 2008 – Audit 507, Day 4 – Web applications

Day four of SANSFire 2008, and I’m feeling a bit tired.

Alright, I am burned out.

No, I don’t think it’s from the content, I just really did not get enough sleep last night. I decided I had had enough studying for one day, couldn’t get the TV in my room to work (not that I tried very hard), and so I logged in and played a little Warcraft after having dinner with another SANS student. I finally turned in around 11:30pm, but didn’t get to sleep for some time, and I woke up waaaay before my alarm went off this morning. I think I got maybe 4-5 hours of sleep last night, so I was definitely a bit off my game for most of the day. I wasn’t nodding off in class, but I definitely closed my eyes a few times to conserve energy, and I have that hollow, “I’m fueled by coffee” feeling.

Enough moaning! What did I learn today? How to audit web applications, looking for common coding errors that lead to neat things like cross-site scripting attacks, SQL injections, and session cloaking. We used some tools that I’d heard of, but never used, and a couple that I have played with before, like Nikto. I haven’t done the homework yet, as I’m heading out to the GIAC brief, then to observe the hacker workshop (where some of the other courses’ students get to hack systems for fun and profit), then bed. Hopefully, I’ll sleep better tonight.
