Forgotten Inputs: Finding Web App Flaws By Understanding The Dev's Mind

Presented at BSidesDC 2017, Oct. 7, 2017, 1:30 p.m. (50 minutes).

Nothing provides an edge in a web application penetration test quite like understanding how the developer sees things. As a developer-turned-pentester, Mic often has insight into the inputs a web app developer will most forget to protect, and how to exploit them.


Presenters:

  • Mic Whitehorn-Gillam - Senior Security Consultant at Secure Ideas
    I'm Mic, and I have been putting *stuff* on the internet for nearly 20 years. Within that, I spent over a decade as a web application developer (usually full-stack), having worked with a wide variety of technology stacks. I'm also a long-time security enthusiast, having made the switch from primarily building web applications (and unofficially assessing them for security flaws) to primarily penetration testing web applications (and unofficially building them, on the side).
