As technology advances and applications make use of newer technology, our penetration testing techniques and methods have to keep up. In this presentation, Jason Gillam and Kevin Johnson of Secure Ideas will walk attendees through new web technologies and how testing methods can change to handle the nuances. Some examples of technologies and changes that will be discussed during the talk are; HTTP/2, CSP, CORS and RESTful APIs. During the presentation, Kevin and Jason will walk through each new system or feature and methods to test it. After presenting these techniques, Jason and Kevin will walk through the new modern vulnerable application and the release of the new SamuraiWTF 4.0.

Kevin and Jason are both consultants at Secure Ideas as well as faculty members at IANS. Kevin wrote the web pentesting curriculum for SANS Institute and Jason writes Burp plugins. Both are active project members of the SamuraiWTF project.

Kevin - @secureideas, Jason - @JasonGillam

Back to Derbycon 2016 video list