Violating Web Services

DEF CON 23

Presented by: Ron Taylor
Date: Friday August 07, 2015
Time: 17:00 - 17:50
Location: Packet Capture Village

The majority of today's mobile applications utilize some type of web services interface (primarily SOAP and REST) for connecting to back-end servers and databases. Securing these services properly is often overlooked, which leaves them vulnerable to attacks that might not be possible via the traditional web application interface. This talk will focus on methods of testing the security of these services while utilizing commercial and open source tools. We will also highlight some web services of well-known sites that have been recently violated.

Ron Taylor

Ron Taylor (Twitter: @Gu5G0rman) has been working in the information security field for the past 16 years. He spent 10 years in consulting, gaining experience in many areas. For the past 7 years he has been working as an engineer for Cisco Systems in RTP. His focus is on pen testing Cisco products and working with the development teams to implement high security standards. He also holds certifications including GPEN, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP and MCSE. He is a SANS Mentor and one of the founders of BSides Raleigh.

