A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Hacking Web Apps - Brent White Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Hacking Web Apps
Brent White
Derbycon 2015

Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, I'll go over the different stages of a web application pen test, from start to finish. We'll start with the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of targets "footprint", all the way to fuzzing parameters to find potential SQL injection vulnerabilities. I'll also discuss several of the tools and some techniques that I use to conduct a full application penetration assessment. After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps.

Brent is an Offensive Security Consultant at Solutionary--An NTT Group Security Company and has spoken at numerous security conferences, including ISSA International, B-Sides Nashville, CircleCityCon and DEF CON 22 - SE Village. He has held the role of Web/Project Manager and IT Security Director at the headquarters of a global franchise company. His experience includes Internal and External Penetration Assessments, Social Engineering and Physical Security Assessments, Wireless and Application Vulnerability Assessments and more.


Back to Derbycon 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast