Hacking Web Apps

Presented at DEF CON 23 (2015), Aug. 6, 2015, 11 a.m. (60 minutes)

Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, I'll go over the different stages of a web application pen test, from start to finish. We'll start with the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of targets "footprint", all the way to fuzzing parameters to find potential SQL injection vulnerabilities. I'll also discuss several of the tools and some techniques that I use to conduct a full application penetration assessment. After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps.

Presenters:

• Brent White / B1TK1LL3R - Security Consultant, Solutionary, Inc.   as Brent White
  Brent is an Offensive Security Consultant at Solutionary‹An NTT Group Security Company and has spoken at numerous security conferences, including DEF CON 22‹SE Village. He has held the role of Web/Project Manager and IT Security Director at the headquarters of a global franchise company. His experience includes Internal and External Penetration Assessments, Social Engineering and Physical Security Assessments, Wireless and Application Vulnerability Assessments and more. Twitter: @BrentWDesign

Links:

• https://defcon.org/html/defcon-23/dc-23-speakers.html#White
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 slides/DEF CON 23 - Brent White - Hacking Web Apps - Slides.mp4
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video/DEF CON 23 - Brent White - Hacking Web Apps - Video.mp4
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 slides/DEF CON 23 - Brent White - Hacking Web Apps - Slides.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Brent White - Hacking Web Apps - Video and Slides.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video/DEF CON 23 - Brent White - Hacking Web Apps - Video.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Brent White - Hacking Web Apps - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=I8AhfDEKUQ4

Similar Presentations:

• DEF CON 8 (2000) / Web Application Security
• DEF CON 11 (2003) / Hacking Web Apps
• NolaCon 2016 / Hacking Web Apps (v2)