
Rebel against complex application flow - Nirav Goti

I would be discussing scenarios that I have crossed paths with in my journey to being a pentester. I feel that most of the pentesters rely on intruders instead of logical findings and working dynamically. There should be at least some observational skills and programming skills to at least develop a script that can do the work for you. That can either be an encryption-decryption mechanism or a grep-and-match mechanism from response to the request. Automation with scripting is a necessity as the awareness of hardening application security is increasing. I would like to present a glimpse of how we observe those mechanisms and build test-cases accordingly, then try to perform attacks.

https://nsconclave.net-square.com/rebel-against-complex-application-flow.html


  1. $ Who am I? • Security Analyst @Net Square Solution Pvt. Ltd. • Wireless Guy • Forensics Guy • B.E in Computer Science SLTIET, Rajkot. • Twitter: @crashskull • LinkedIn: crashskull || Nirav Goti
  2. Complex Applications? • Factors of a complex application. • Architecture • Parsing • WAF, Regex, Automations / QA
  3. Architecture
  4. By Ravi Paghdal
  5. Parser(s)
  6. @orange.tsai - ssrf
  7. Regex, WAF, Automations.
  8. Definitely not with a sniper!
  9. One doesn't bring sniper to a street fight.
  10. @therealsaumil - The CISO's Dilemma
  11. Talk Demo1 Demo2
  12. Any Questions?
  13. See you on the other side, nakama!
