Old Tools, New Tricks: Hacking WebSockets - Michael Fowl, Nick Defoe Derbycon 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Old Tools, New Tricks: Hacking WebSockets
Michael Fowl, Nick Defoe
Derbycon 2019

Many application penetration testers and developers have struggled to figure out how to assess the security of WebSocket applications. When new technologies like WebSockets are developed, often the tooling available for penetration testing takes a while to catch up. What if you could use traditional web penetration testing tools to assess WebSockets? By leveraging concepts found in native code fuzzing, you can! We have been using a novel approach that allows traditional web security testing tools to find vulnerabilities in WebSocket applications.

Michael Fowl works as a Senior Security Engineer at VDA Labs where he leverages offensive information security skills to help clients. An avid bug hunter and penetration tester, Michael has spent countless hours performing web application assessments, including placing as a top finisher in events like "Hack the Pentagon." Nick Defoe is a Security Operations Manager at VDA Labs where he manages security consulting engagements to ensure success. Coming from a background in web application development, Nick has worked on penetration tests and application assessments for many major brands.

Michael Fowl - @WhiteHatTSA & Nick Defoe - @ndefoe


    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast