Next-Layer Hacking - Testing Web Services (SOAP, REST, GraphQL)

Presented at SAINTCON 2019, Oct. 24, 2019, 8 a.m. (120 minutes)

**Training is limited to 40 people. Training is first come, first served!!!**

More and more applications these days rely heavily on web services to deliver content to users. Breaking modern web applications requires an understanding of how these services work. In this course we will review exploits, vulnerabilities, tools and techniques that can be used to break these services. This course provides students with knowledge of these common vulnerabilities while using open source tools and professional techniques used to perform web application penetration tests. Students will be introduced to open source tools including Burp Suite, SQLmap and others, learn when they should be used, and be taught to use these tools to complement a tester's expertise. Most importantly, this course will teach students how to use this knowledge to perform tests on web services.

Vulnerabilities: SQLi, Broken Access Control, IDOR, Data Exposure, Resource Exhaustion, Data Enumeration

Presenters:

  • Seth Law - Redpoint Security
    Seth Law is the President and Principal Security Consultant of Redpoint Security (rdpt.io). During the last 15 years, Seth has worked within multiple disciplines, from software development to network protection, as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development. His understanding of the software development lifecycle and ability to equate security issues with development tasks has allowed him to speak at conferences ranging from Blackhat and DEF CON to local security meetups. In his spare time, Seth revels in deep-level analysis of programming languages and inherent flaws, develops the iOS version of HackerTracker, and co-hosts the Absolute AppSec podcast with Ken Johnson.
