A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Next Gen Web Pen Testing: Handling modern applications in a penetration test - Kevin Johnson and Jason Gillam Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Next Gen Web Pen Testing: Handling modern applications in a penetration test
Kevin Johnson and Jason Gillam
Derbycon 2016

As technology advances and applications make use of newer technology, our penetration testing techniques and methods have to keep up. In this presentation, Jason Gillam and Kevin Johnson of Secure Ideas will walk attendees through new web technologies and how testing methods can change to handle the nuances. Some examples of technologies and changes that will be discussed during the talk are; HTTP/2, CSP, CORS and RESTful APIs. During the presentation, Kevin and Jason will walk through each new system or feature and methods to test it. After presenting these techniques, Jason and Kevin will walk through the new modern vulnerable application and the release of the new SamuraiWTF 4.0.

Kevin and Jason are both consultants at Secure Ideas as well as faculty members at IANS. Kevin wrote the web pentesting curriculum for SANS Institute and Jason writes Burp plugins. Both are active project members of the SamuraiWTF project.

Kevin - @secureideas, Jason - @JasonGillam

Back to Derbycon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast