Participants will attack web applications with: command injection, SQL injection, cross-site request forgery, cross-site scripting, cookie manipulation, and server-side template injection. This workshop will also exploit Drupal and SAML. Participants will then implement network defenses and monitoring agents, using Burp, Splunk, and Suricata.
https://wiki.hope.net/index.php?title=Securing_Web_Apps_workshop