DeepSec 2012 Workshop: Web Application Penetration Testing
If eyes are the window to your soul, then web applications are the gateways to your heart. Of course this is only a figure of speech, but once you take a look at security incidents and the role of web applications, then you get the idea of the analogy. Web applications are everywhere. It’s not always about your favorite intranet application. A lot of devices run web applications, too. And there are portals which really give you access to a whole variety of information and services. Speaking of services, you can have application programming interfaces (APIs), too. APIs usually do not talk to humans, but maybe they can be automated to do Bad Things™. This is where penetration testing comes in. Ari Elias-Bachrach will teach you how to approach web applications in the context of serious penetration testing.
The workshop will give you hands-on experience with the various tools and methods you can employ to discover security vulnerabilities and bugs on live systems (running virtualised on your laptop). You will learn what the attacker’s view of your web application is and how you approach it. The training is intended for (web) developers, security-minded persons, pen testers, and IT experts dealing with web application (in)security.