Now every financial-sector application, mobile or web, uses one more security layer: an encryption mechanism, so that an attacker who is able to intercept the traffic with an MITM tool cannot understand the request data. When we do pen-testing we follow a methodology: we have to test each and every parameter and request. But as we all know, attackers don't follow any rules or regulations; when they want to attack, they will find a way to do it. So, keeping the mindset of the attacker, we will try to understand this kind of encryption mechanism. What do developers think when they implement it? What kinds of mistakes do they make? Why do they feel that adding encryption means the application is secure? What makes them think that no one can break their logic, so that they hide sensitive information behind the encryption? Keeping all of the above, and maybe some more cases, in mind, I prepared my own "Debugging methodology" for this, which I follow when I face this kind of scenario.
What is this talk about?
● Brief about JS engines
● DevTools (V8)
● Extra security layer implemented inside banking applications
● How to break it, fuzz it and bypass something?
● How to debug add-ons or web browser extensions?
Don’t worry, this session will have a lot of demos!!!
● How developers see it: building stuff
● How attackers see it: breaking stuff
● Using JS, you can build complete:
a. Web/mobile applications.
b. Real-time networking apps (chat, video streaming).
c. Command line tools.
e. Desktop applications.
f. Windows 95 using Electron.
● Browser engines