The Amazing Toolman - Mastering the tools and propose a hackable "Swiss Army ...SYUE-SIANG SU
Web technology has evolved from a collection of simple, static pages into fully dynamic applications, and those applications are more complex than they used to be. Moreover, most big firms, such as Google, Facebook, etc., still suffer from many attacks involving web technology. Web security has therefore grown in importance.
Even for a well-trained web security expert, a lot of dirty work still has to be done manually when penetrating a website, such as finding potential entry points or probing possible attack vectors. An experienced expert will therefore take advantage of handy tools to deal with this work.
Many tools are out there; however, many of them actually do the same thing, or are just a clone of another project with a little modification. Hence, we have to choose the best tools among them wisely. In addition, there is no comfortable way to use these tools all at once: we often have to open them all over the place and toggle each one separately.
In these slides, I will introduce some handy tools and then propose a hackable "Swiss Army Knife" security framework for the 21st century. This framework can be used in conjunction with existing tools like Burp, Docker, etc., as well as plenty of the web extensions you often use on Chrome and Firefox. In addition, we can control and manage the WebExtension APIs, and can therefore catch the snitch inside web extensions more easily.