We would love to invite you to our training on Web Hacking Basics.
In this training, we will explore web application security and hack a few web applications (max. 3, all vulnerable, only on your own local machine). In addition to cross-site scripting (XSS) and SQL injection (SQLi), we will also use directory traversals, file inclusions, and Linux command injections.
The training is also suitable for beginners in web hacking, but there are also separate challenges for those who are already a little more advanced.
Trainer: Jackie / Andrea* Ida Malkah Klaura teaches at TU Wien and the University of Applied Arts Vienna, among other institutions. Jackie holds degrees in technical computer science from TU Wien, in science and technology studies from the University of Vienna, and in IT security from FH Technikum Wien. In addition to her current work as a software developer and her previous involvement in IT operations, her main interest lies in bringing people and technologies together to create safer, more participatory, and more sustainable spaces for the introduction and development of tools and techniques, as well as for the exchange of knowledge, with the aim of contributing to a good life for all.
Prerequisites: No prior knowledge is necessary.
For those who are still unfamiliar with basic security concepts (CIA triad) and web application basics (HTTP(S), cookies, including XSS and SQLi), I recommend watching my introductory talk on web application security, “What the Hack is Web App Sec?”, from CodeCrafts 2025: https://www.youtube.com/watch?v=T-aBAt2_I98 (~30 min)
Software requirements:
- Either install Docker
- Or a virtual Kali or Parrot machine (generally recommended for hacking, unless you have already built your own toolbox)
If you don’t have a VM or Docker yet and need help with installation, you can join a remote installation support session on the evening before (January 14) at 6 p.m.
Registration: https://forms.gle/ePmPzzhj7PpEL8zK6
Target group: This training is exclusively for women and FINTA*.