Defeating The Intercepting Web Proxy

Presented at HITB Amsterdam 2013, this presentation goes into detail on why using web interception proxies is not always the best approach when doing web application security testing.

Published in: Software


Transcript

  • 1. Defeating The Intercepting Web Proxy A Glimpse Into the Next Generation of Web Security Tools Wednesday, 10 April 13
  • 2. Who is this talk for?
  • 3. Why web proxies?
  • 4. • Proxies are basic tools. • They are general purpose. • Provide visibility of the comms.
  • 5. Written in Java!
  • 6. Buffering!
  • 7. Large files are no fun!
  • 8. No pipelining!
  • 9. WebSockets are a no-go!
  • 10. Plain auth is pain!
  • 11. SSL auth is pain!
  • 12. Custom auth is no!
  • 13. It takes time to set up!
  • 14. Everything is just a request and a response. No understanding of the app's purpose and function.
  • 15. Does it pass grandma’s test for Ease of Use?
  • 16. Charles Darwin: "It is not the strongest of the species that survives, nor the most intelligent, but the one most responsive to change."
  • 17. Innovation ended with Achilles!
  • 18. This is what web apps will look like in 2 years.
  • 19. Unreal3 engine is ported to asm.js.
  • 20. The most powerful client ever built.
  • 21. HTML5
  • 22. JavaScript
  • 23. NECKO, XPCOM
  • 24. Chrome APIs
  • 25. To Da Rescue
  • 26. Web Security Testing Reinvented
  • 27. • AttackAPI 2005/2006 • Technika 2006/2007 • Weaponry 2008/2009 • Websecurify Suite 2011/-
  • 28. Suite
  • 29. Runs In The Browser | Runs In The Cloud; Instant | Queued; Proactive | Reactive; Online/Offline | Online; SAAS, WEBSECURIFY
  • 30. See what they do.
  • 31. Compiler Code Code
  • 32. Browser Ext. Code
  • 33. Code Target Ext.
  • 34. Code Target Ext. Worker
  • 35. • Ability to send requests. • Ability to intercept transactions. • Ability to access low level APIs.
  • 36. DEMOS
  • 37. Building It Up
  • 38. BadAssProxy
  • 39. What is next?
  • 40. Q&A