Hacking Web Apps

DerbyCon V - Unity

Presented by: Brent White
Date: Friday September 25, 2015
Time: 18:00 - 18:25
Location: Track 5
Track: Stable Talks

Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, I’ll go over the different stages of a web application pen test, from start to finish. We’ll start with the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of the target’s “footprint”, all the way to fuzzing parameters to find potential SQL injection vulnerabilities. I’ll also discuss several of the tools and some techniques that I use to conduct a full application penetration assessment. After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps.
