Get off your AMF and don’t REST on JSON

Presented at THOTCON 0x4 (2013), April 26, 2013, 11 a.m. (25 minutes)

HTTP is being used to transport new request formats such as those from mobile apps, REST, JSON, AMF and GWT, but few security teams have updated their testing procedures. All of these new formats are potential new playgrounds for attackers and pen testers. You just need to know how to play. In this talk, Dan Kuykendall will demonstrate the process of breaking down these new formats and where to attack them on various vulnerable applications. Most of the attacks are the familiar classics, like SQL and command injection, applied in modern applications. Attendees will learn to leverage their existing pen testing skills and techniques and apply them to these new formats.
Presenters:

  • Dan Kuykendall
    Dan has been with NTO for more than 10 years and is responsible for the strategic direction and development of products and services. He also works closely with technology partners to make sure our integrations are both deep and valuable. As a result of Dan's dedication to security, technology innovation and software development, NTO application security scanning software is often recognized as the most accurate because of its sophisticated automation techniques. Dan joined NTO from Foundstone, where he was a key developer of FoundScan's scan management and remediation capabilities. Before Foundstone, Dan was the founder of the Information Security team in the United States branches of Fortis. When Dan's not working on NTO products or screen sharing with our customers to help them solve their application security challenges, you'll find him blogging, co-hosting An Information Security Place Podcast and speaking at conferences like B-Sides, OWASP AppSecUSA, HouSecCon, ToorCon and more. He also works with industry groups and contributes to many open source development projects. A little-known fact about Dan: he was a founder of the phpGroupWare project and the creator of podPress.