Web Application Hacking

Presented at REcon 2005, June 18, 2005, 1:30 p.m. (60 minutes)

This talk is the "how do they do that" of web application hacking. The talk will cover live examples of most of the attack vectors used against web applications in the wild today. The latter part of the talk will discuss topics like the current defenses (and why they suck), automatic testing (and the challenges it faces) and how this will all change (or not!) with the introduction of new technologies like SOAP and web services.

Presenters:

  • Haroon Meer
    Haroon Meer is the Technical Director at SensePost. He joined SensePost in 2001 as part of the technical team, where he spends most of his time developing additional security-related tools and proof-of-concept code. He has released several tools/papers on subject matters relating to Network / Web Application security and is a regular presenter at conferences like Black Hat and DEFCON. Haroon wrote the chapter on Hacking Custom Web applications for the Syngress book "Special Ops: Network & Host Security" and has recently contributed to books on the Nessus Security Scanner and on "Aggressive Network Self-Defense".