GWT Java Deserialization: Unpatched and Unauthenticated
Watch our exclusive livestream with Ben Lincoln, Managing Principal at Bishop Fox, to learn about GWT web application vulnerabilities, exploitation strategies, and security enhancement recommendations.
Imagine hearing about an unpatched, eight-year-old vulnerability in a popular, open-source web application framework originally developed by Google. Most offensive security professionals would likely assume it was an unfounded rumor. At a bare minimum, the developers must have updated documentation like “getting started” tutorials to indicate the inherent danger of using vulnerable features rather than highlighting the application’s functionality. Alternatively, the vulnerable framework features could have been marked as deprecated or the framework documentation could offer suggestions for replacing vulnerable code with updated alternatives.
It may seem hard to believe, but this is not just a rumor. Despite being openly discussed in the security community in 2015 and 2023, the vulnerability in GWT (originally “Google Web Toolkit”, sometimes referred to as “GWT Web Toolkit”) exists and could expose application owners to server-side code execution by unauthenticated attackers.
Join us for an exclusive livestream with offensive security expert Ben Lincoln as he unveils his groundbreaking research on the GWT vulnerability. Ben will share his expert knowledge on GWT, enhanced classes, and exploiting a vulnerable GWT application. Most importantly, he will show you how to determine if your GWT application is vulnerable and provide strategies to enhance your organization’s web application security.
This training session is designed to strengthen your offensive security skills when it comes to securing web applications. Discover the key to unlocking invaluable insights on:
- The unique vulnerability in GWT and why it matters for improved web application security
- How to exploit a vulnerable GWT web application and set up an intentionally vulnerable GWT web application to test against
- Assessing vulnerabilities in GWT and developing effective mitigations