| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
One of the critical attack vectors against web application is exploiting access control and business logic. These are severe problems, but discovering these issues are difficult. It is because web application scanner cannot find out these vulnerabilities and the ways of exploitation are dependent on the web application design. In my talk, I would like to share the techniques penetration testers usually uses the several case studies, and remediation methods.
Tomohisa Ishikawa is a Japanese IT security consultant with seven years of experience. He is specialized in penetration testing, incident response, vulnerability management, secure development, and security education. He has various experiences in leading domestic and international IT security consultation projects, and many opportunities to teach security essentials, secure programming, and secure design. He holds a Bachelor of Arts in Computer Science, and several certifications such as CISSP, CISA, CISM, CFE, QSA and GIAC (GPEN, GWAPT, GXPN, GWEB, GSNA, GREM, and GCIH). He is also in a doctoral program where he will obtain his Ph.D. degree.
Recorded at BSides Philly 2016
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast