Web apps are easy if you know what to look for. The same mistakes are made over and over again. It’s the interesting bugs that keep you on your toes though. The bugs living in the darkest corners of bus-factor-0 code. I will be going over various tools and techniques I use when gleaning exploits from vulnerabilities found, ranging from RCE to XXE. There will be demos of automating finding common vulnerabilities- and demos of active exploitation. Common and custom tools will be used (custom tools available on github).

Back to Derbycon 2014 video list