October 9, 2015
GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like-minded people. We keep GrrCON small, with around 1,000 attendees, to allow us to provide those things other events leave out. Whether you are a Fortune 500 executive, security researcher, industry professional, student, or a hacker of “flexible” morals, you will find something for you at GrrCON.
Punch and Counter-punch Part Deux: Web Applications
2:00 PM to 2:50 PM
Applications today account for 75% of all attacks on corporate resources. Whether injection, XSS, poor crypto or the general ignorance of secure coding techniques, applications need our help! In “Punch and Counter-punch Part Deux”, Wolfgang and NerdyBeardo present a poorly secured application and show how to properly utilize secure coding techniques to defend it. Our attacker demonstrates active attacks against the application, including SQL Injection, Cross Site Scripting, CSRF, and Broken Crypto. Our Defender will walk through a threat model utilizing STRIDE and show how threat model mitigations translate to code. Demonstrations will be written in C#; however, the concepts will work with any programming language. All code will be made available on GitHub.