Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, We'll go over the different stages of a web application pen test, from start to finish. We'll start with tools used during the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of targets "footprint", all the way to tools used for fuzzing parameters to find potential SQL injection vulnerabilities. We'll also discuss pro-tips and tricks that we use while conducting a full application penetration assessment. After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps.

Tim is an Offensive Security Consultants within Solutionary's Offensive Security Services team (NTT Group) and maintain Solutionary's Red Team and Social Engineering methodologies. They have also spoken at internationally recognized security conferences including DEFCON, DerbyCon, B-Sides, CircleCityCon, ISSA International and more. Tim has held management, IT and physical security roles across multiple industries, including healthcare and government.

Brent is a Offensive Security Consultant within Solutionary's Offensive Security Services team (NTT Group) and maintain Solutionary's Red Team and Social Engineering methodologies. They have also spoken at internationally recognized security conferences including DEFCON, DerbyCon, B-Sides, CircleCityCon, ISSA International and more. Brent has held several IT roles including Security Director of a global franchise company. Experience with traditional/non-traditional pentesting techniques include network, wireless, social engineering, application and physical testing. By sharing their experiences, they hope to continue to contribute to the InfoSec community.

@brentwdesign

Recorded at NolaCon 2016