ffuf the web - automatable web attack techniques

Presented at May Contain Hackers (MCH2022), July 25, 2022, 2 p.m. (180 minutes)

Transforming the boring parts of web application testing with automation, scalability and a lot of requests. How do you automate flagging potentially vulnerable components and parts of a web application? How do you make the tooling work for you and not vice versa? Want to figure out how to build a simple DAST test case for your application, or interested in seeing how to go from a few lines of shell script or Python to fully fledged bug bounty hunting automation? Let's make it happen!

In this workshop the participants will discover new tools and learn new techniques for building automation tasks to find web application vulnerabilities. The workshop revolves around typical vulnerability classes and explores the requirements for finding and validating vulnerabilities using automation. Participants are provided with a virtual test environment with existing vulnerabilities to fine-tune their workflows and to discover more efficient ways to find their way around the web application jungle.

This event is suitable for beginners as well as more advanced web application hackers, system administrators and developers alike.

Minimum requirements to get the best out of this workshop:

- Laptop with a Linux-based operating system or a Linux VM
- Basic knowledge of the *NIX command line

Presenters:

  • joohoi
    Working as a red team manager at Visma, Joona is a hacker who has experience from multiple vantage points and aspects of information security, software development and brewing. As an open so(u)rcer he is an author of or contributor to multiple popular security tools, the most relevant in the scope of the workshop being ffuf - fuzz faster u fool.
