- read the introduction about the workshop: ( https://www.dropbox.com/s/8j2i8ea6p05ndy9/anttivi-Disobeywebapplicationhackingworkshop-110118-1049-191.pdf?dl=0)
- give us your IP to open up the firewall
- Install a HTTP proxy. Here are instructions for ZAP: (https://www.dropbox.com/s/isps6z89lt4gpv4/OK-OWASPZAPinstallation-110118-1032-189.pdf?dl=0)
- Start hacking (you can start without the proxy.)
- Target 1, the minimal and easy one: http://34.241.53.48:5000
- Target 2, Google Gruyere: https://google-gruyere.appspot.com/start
- Ask for help and clarifications if necessary.. but first, do & try & try again.
- There are more than one way of discovering and exploiting things..
- Don't crash the server if you figure out a way to do it.
- Continue with Google Gruyere
- Hack something else too, like OWASP Juice Shop
- Go for bug bounties perhaps?
- If you are a developer, learn more about hacking and make better software for us all.
- Need a job? apply at https://www.solita.fi/avoimet-tyopaikat/