Hacking Web Apps (v2)

Presented at NolaCon 2016, May 21, 2016, 1 p.m. (Unknown duration)

Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, We’ll go over the different stages of a web application pen test, from start to finish.

He'll start with tools used during the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of targets "footprint", all the way to tools used for fuzzing parameters to find potential SQL injection vulnerabilities. We'll also discuss pro-tips and tricks that we use while conducting a full application penetration assessment. After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps.

Presenters:

• Brent White / B1TK1LL3R   as Brent White
  Brent is an Sr. Security Consultant at NTT Security. He is the founder of the Nashville DEF CON group (DC615) and is the Global Coordinator for the DEF CON conference Groups program. He has held the role of Web/Project Manager and IT Security Director at the headquarters of a global franchise company as well as Web Manager and information security positions for television personalities on The Travel Channel. He has also been interviewed on the popular web series, Hak5‚ with Darren Kitchen, BBC News, and Microsoft‚ Roadtrip Nation show. Brent has also spoken at numerous security conferences including DEF CON, DerbyCon and ISSA International. Twitter: @brentwdesign
• Tim Roberts / byt3boy   as Tim Roberts
  Tim is a Sr. Security Consultant within NTT Security’s Threat Services group. He has spoken at national, international and collegiate security conferences, including ISSA International, DEF CON, DerbyCon, various B-Sides, CircleCityCon, Techno Security Con, SaintCon, Appalachian Institute of Digital Evidence at Marshall University and more. He has been interviewed on the subject of “White hat hacking” for Microsoft’s “Roadtrip Nation” television series, was featured on IDG Enterprise’s CSO Online publication by Ryan Francis on social engineering and is a regular contributor to NTT Security’s #WarStoryWednesday blog series. Tim has held management, IT and physical security roles across multiple industries, including healthcare and government. His professional experiences cover traditional/non-traditional hacking techniques that include network, wireless, social engineering, application, physical and scenario-based compromises. These techniques have led to highly successful Red Team assessments against corporate environments. By continuing to share these experiences, he hopes to further contribute to the InfoSec community.

Links:

• https://nolacon.com/talk/hacking-web-apps-v2

Similar Presentations:

• DEF CON 8 (2000) / Web Application Security
• DEF CON 11 (2003) / Hacking Web Apps
• DEF CON 23 (2015) / Hacking Web Apps