Hacking Web Apps (v2) - Tim Roberts, Brent White NolaCon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Hacking Web Apps (v2)
Tim Roberts, Brent White

Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, we'll go over the different stages of a web application pen test, from start to finish. We'll start with tools used during the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of a target's "footprint", all the way to tools used for fuzzing parameters to find potential SQL injection vulnerabilities. We'll also discuss pro-tips and tricks that we use while conducting a full application penetration assessment. After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps.

Tim is an Offensive Security Consultant within Solutionary's Offensive Security Services team (NTT Group) and maintains Solutionary's Red Team and Social Engineering methodologies. They have also spoken at internationally recognized security conferences including DEFCON, DerbyCon, B-Sides, CircleCityCon, ISSA International and more. Tim has held management, IT and physical security roles across multiple industries, including healthcare and government.

Brent is an Offensive Security Consultant within Solutionary's Offensive Security Services team (NTT Group) and maintains Solutionary's Red Team and Social Engineering methodologies. They have also spoken at internationally recognized security conferences including DEFCON, DerbyCon, B-Sides, CircleCityCon, ISSA International and more. Brent has held several IT roles including Security Director of a global franchise company. Experience with traditional/non-traditional pentesting techniques includes network, wireless, social engineering, application and physical testing. By sharing their experiences, they hope to continue to contribute to the InfoSec community.

@brentwdesign

Recorded at NolaCon 2016

Copyright 2016, IronGeek