Offensive Python For Web Hackers (Blackhat)
Description: This is the video of the talk titled "Offensive Python for Web Hackers" given at Blackhat 2010.
It seems that everything is a web application nowadays. Whether the application is cloud-based, mobile, or even fat client they all seem to be using web protocols to communicate. Adding to the traditional landscape there is rise in the use of application programming interfaces, integration hooks, and next generation web technologies. What this means for someone testing web applications is that flexibility is the key to success. The Python programming language is just as flexible as today’s web application platforms. The language is appealing to security professionals because it is easy to read and write, has a wide variety of modules, and has plenty of resources for help. This additional flexibility affords the tester greater depth than many of the canned tests that come with common tools they use on a daily basis. Greater familiarity plus flexible language equals tester win!
In this presentation we introduce methods with which to create your own clients, tools, and test cases using the Python programming language. We want to put testers closer to the conditions in which they are testing for and arm them with the necessary resources to be successful. We also discuss interfacing with current tools that people commonly use for web application testing. This allows for pinpoint identification of specific vulnerabilities and conditions that are difficult for other tools to identify.
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.