Under The Radar Web App Recon

Presented at Kiwicon 6: The Con of the Beast (2012), Nov. 17, 2012, 5 p.m. (30 minutes)

Whether you're part of the next LulzSec trying to loot a defence contractor or you're a QSA doing pre-engagement scoping, being able to hunt down security vulnerabilities and perform reconnaissance against a web application with zero chance of being detected is useful. This talk will cover off what types of things you can find (as well as the limitations) when poking around in someone else's web app appearing as nothing more than a regular web browser, and will be accompanied by the release of a tool for doing this.

Presenters:

• Dean "tecnik" Jerkovich
  Dean is a security consultant with NCC Group, specializing in all things intrusion: penetration testing and incident response. Dean spends the majority of his time poking around web applications and networks throughout Australia where he's currently living amongst deadly spiders and crocodiles. At any one time there's a 98% chance he hasn't had enough coffee.

Links:

• https://2012.kiwicon.org/the-con/talks/#e63

Similar Presentations:

• DEF CON 9 (2001) / Web Application Security
• DEF CON 8 (2000) / Web Application Security
• ToorCon: Seattle (Beta) (2007) / Web 4.0