Rebel against complex application flow - Nirav Goti
I would be discussing scenarios that I have crossed paths with in my journey to being a pentester. I feel that most pentesters rely on intruders instead of logical findings and working dynamically. There should be at least some observational skills and programming skills to at least develop a script that can do the work for you. That can either be an encryption-decryption mechanism or a grep-and-match mechanism from response to the request. Automation with scripting is a necessity as the awareness of hardening application security is increasing. I would like to present a glimpse of how we observe those mechanisms and build test cases accordingly, then try to perform attacks.