Description: Abstract
HTTP is being used to transport new request formats such as those from mobile apps, REST, JSON, AMF and GWT, but few security teams have updated their testing procedures. All of these new formats are potential new playgrounds for attackers and pen testers. You just need to know how to play. In this talk, Dan Kuykendall will demonstrate the process of breaking down these new formats and where to attack them on various vulnerable applications. Most of the attacks are the familiar classics like SQL and command injection applied in modern applications. Attendees will learn to leverage their existing pen testing skills and techniques and apply them to these new formats.
*****
Speakers
Dan Kuykendall, co-CEO and CTO, NT OBJECTives
Dan Kuykendall manages NT OBJECTives’ software development and handles NTO’s relationships with several partner companies. He has an extensive background in web application development and security. As part of the founding team, Dan has been involved in the methodologies and design of NTO’s flagship product since its inception. Dan joins NT OBJECTives from Foundstone, where he was responsible for the portal interface to the company’s flagship product, Fo…
Tags: securitytube, hacking, hackers, information security, convention, computer-security, appsecusa, appsecus-2012