Description: One of the critical attack vectors against web applications is exploiting access control and business logic. These are severe problems, but discovering these issues is difficult. This is because web application scanners cannot find these vulnerabilities, and the ways of exploitation depend on the web application's design. In my talk, I would like to share the techniques penetration testers usually use, several case studies, and remediation methods.
Tomohisa Ishikawa is a Japanese IT security consultant with seven years of experience. He specializes in penetration testing, incident response, vulnerability management, secure development, and security education. He has varied experience leading domestic and international IT security consultation projects, and has had many opportunities to teach security essentials, secure programming, and secure design. He holds a Bachelor of Arts in Computer Science and several certifications, such as CISSP, CISA, CISM, CFE, QSA and GIAC (GPEN, GWAPT, GXPN, GWEB, GSNA, GREM, and GCIH). He is also in a doctoral program where he will obtain his Ph.D. degree.
For more information, please visit: http://www.bsidesphilly.org/
http://www.irongeek.com/i.php?page=videos/bsidesphilly2016/mainlist