Rebel against complex application flow - Nirav Goti

•

Jan. 29, 2020

• •

$ Who am I?
•Security Analyst
@Net Square Solution Pvt. Ltd.
•Wireless Guy
•Forensics Guy
•B.E in Computer Science
SLTIET,...

Complex Applications?
• Factors of a complex application.
• Architecture
• Parsing
• WAF, Regex, Automations / QA

Architecture

Next SlideShares

Upcoming SlideShare

Loading in …3

×

Rebel against complex application flow - Nirav Goti

Jan. 29, 2020

• •

I would be discussing scenarios that I have crossed paths with in my journey to being a pentester. I feel that most of the pentesters relay on intruders instead of logical findings and working dynamically. There should be at least some observational skills and programming skills to at least develop a script that can do the work for you. That can either be an encryption-decryption mechanism or a grep-and-match mechanism from response to the request. Automation with scripting is a necessity as the awareness of hardening application security is increasing. I would like to present a glimpse of how do we observe those mechanisms and build test-cases accordingly then try to perform attacks.

https://nsconclave.net-square.com/rebel-against-complex-application-flow.html

I would be discussing scenarios that I have crossed paths with in my journey to being a pentester. I feel that most of the pentesters relay on intruders instead of logical findings and working dynamically. There should be at least some observational skills and programming skills to at least develop a script that can do the work for you. That can either be an encryption-decryption mechanism or a grep-and-match mechanism from response to the request. Automation with scripting is a necessity as the awareness of hardening application security is increasing. I would like to present a glimpse of how do we observe those mechanisms and build test-cases accordingly then try to perform attacks.

https://nsconclave.net-square.com/rebel-against-complex-application-flow.html

More Related Content

Now What?: How to Move Forward When We're Divided (About Basically Everything) Sarah Stewart Holland

Boundaries Updated and Expanded Edition: When to Say Yes, How to Say No To Take Control of Your Life Henry Cloud

Never Split the Difference: Negotiating As If Your Life Depended On It Chris Voss

The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are Brené Brown

Girl, Wash Your Face: Stop Believing the Lies About Who You Are so You Can Become Who You Were Meant to Be Rachel Hollis

A Stolen Life: A Memoir Jaycee Dugard

Maybe You Should Talk to Someone: A Therapist, HER Therapist, and Our Lives Revealed Lori Gottlieb

Girl, Stop Apologizing: A Shame-Free Plan for Embracing and Achieving Your Goals Rachel Hollis

The 7 Habits of Highly Effective People: Powerful Lessons in Personal Change: 25th Anniversary Infographics Edition Stephen R. Covey

The 7 Habits of Highly Effective People Personal Workbook Stephen R. Covey

Dry: A Memoir Augusten Burroughs

Anxious for Nothing: Finding Calm in a Chaotic World Max Lucado

The 7 Habits of Highly Effective People Stephen R. Covey

Decluttering at the Speed of Life: Winning Your Never-Ending Battle with Stuff Dana K. White

The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life Mark Manson

How May I Serve Karen Mathews

Plays Well with Others: The Surprising Science Behind Why Everything You Know About Relationships is (Mostly) Wrong Eric Barker

Be the Love: Seven Ways to Unlock Your Heart and Manifest Happiness Sarah Prout

Radical Confidence: 10 No-BS Lessons on Becoming the Hero of Your Own Life Lisa Bilyeu

Endure: How to Work Hard, Outlast, and Keep Hammering Cameron Hanes

I Guess I Haven't Learned That Yet: Discovering New Ways of Living When the Old Ways Stop Working Shauna Niequist

The unBalanced Life: 10 Principles for a More Balanced Life Pierre Quinn

You're Cute When You're Mad: Simple Steps for Confronting Sexism Scribd Originals Audio

The Four Keys to Sustainable Success Patricia Grabarek PhD

Golden: The Power of Silence in a World of Noise Justin Zorn

How to Be Perfect: The Correct Answer to Every Moral Question Michael Schur

Memory Craft: Improve Your Memory with the Most Powerful Methods in History Lynne Kelly

Dad on Pills: Fatherhood and Mental Illness Scribd Originals Audio

How to Notice and Name Emotions Emma McAdam

Reshape Your Body Image Stacie Garland

The Expectation Effect: How Your Mindset Can Change Your World David Robson

Already Enough: A Path to Self-Acceptance Lisa Olivera

Rebel against complex application flow - Nirav Goti

1. $ Who am I? •Security Analyst @Net Square Solution Pvt. Ltd. •Wireless Guy •Forensics Guy •B.E in Computer Science SLTIET, Rajkot. •Twitter: @crashskull •LinkedIn: crashskull || Nirav Goti
2. Complex Applications? • Factors of a complex application. • Architecture • Parsing • WAF, Regex, Automations / QA
3. Architecture
4. By Ravi Paghdal
5. Parser(s)
6. @orange.tsai - ssrf
7. Regex, WAF, Automations.
8. Definitely not with a sniper!
9. One doesn't bring sniper to a street fight.
10. @therealsaumil - The CISO's Dilemma
11. Talk Demo1Demo2
12. Any Questions?
13. See you on the other side, nakama!