identity theft

UPDATE: I'm currently trapped in NYC working on a project and am not at this late hour, entirely sure if I'll be back in time to do this session.

I while ago I built a demo merchant site for the express purpose of demonstrating web application hacking techniques. These include complex attacks, as well as some basic SQL injection, with attack payloads ranging from database enumeration to gaining system level access on the underlying web server through bad application code. I'll likely end up speaking a bit about secure coding.

I'd like to give a demo of common attack techniques which may be of great interest to developers, techies, and anyone that has wondered about attack techniques.