DEF CON 23 - Brent White - Hacking Web Apps

  • Published on 12 Oct 2024
  • Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, I'll go over the different stages of a web application pen test, from start to finish. We'll start with the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of the target's "footprint", all the way to fuzzing parameters to find potential SQL injection vulnerabilities. I'll also discuss several of the tools and some techniques that I use to conduct a full application penetration assessment. After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps.
    Speaker Bio:
    Brent is an Offensive Security Consultant at Solutionary NTT Group Security Company and has spoken at numerous security conferences, including DEF CON 22 - SE Village. He has held the role of Web/Project Manager and IT Security Director at the headquarters of a global franchise company. His experience includes Internal and External Penetration Assessments, Social Engineering and Physical Security Assessments, Wireless and Application Vulnerability Assessments and more.
    Twitter: @BrentWDesign

Comments

  • @brentwhitemusic 7 years ago +11

    The talk was in the 101 track and was specifically written to be an introduction-level presentation for those who want to know where to start, what tools to use, some pro tips, etc.
    Not enough time to really start going in depth.

  • @jemicaantrenishamckenzie534 7 years ago

    What sets me apart from the rest is that I take great pride in my work. What comes off my desk is a reflection on me and therefore a reflection on the company so I like my work to be accurate and neat.

  • @mamorulelouch6181 7 years ago +7

    I won't say that he isn't experimented, but GOD ! He talked a lot to say obvious things. At this pace, DEFCON will be a scriptKiddies Conf in 2020.

    • @fosterwilliams4279 7 years ago

      isn't it one now?

    • @Zzznmop 7 years ago +3

      And why would increased learning of programming languages by younger generations be a bad thing? I'd rather see a child practice coding than become a 20-30 year old who watches anime obsessively

    • @PhilippeArteau 7 years ago +1

      Quick note .. This is probably a talk that was in the 101 track.

  • @fudanchu8436 8 years ago +24

    Informative high level talk.

  • @byt3boy270 7 years ago +1

    Good high level talk.

  • @keepmoving1185 6 years ago

    As one in the field, I approve!

  • @mohdamrirazlan7879 7 years ago +6

    He sounds like Jack Black.

  • @wdai03 4 years ago +1

    What's Jack Black doing at DEF CON

  • @BANDITS016 8 years ago

    pentest methodology and kali 101 @ DefCon...?! oO

  • @anythingeverything2659 5 years ago

    I don't know anything.. Looking to learn everything.. Came here and found nothing.. I could have found this out by letting my mouse hover.

  • @isih9128 5 years ago +1

    Y'all some jerks frfr

  • @elcoquirivera4503 4 years ago

    First DEF CON talk I can say sucked

  • @DarkDonnieMarco 6 years ago

    If I had paid the money and taken the time to go to DEF CON and had seen this I would have thought they were trying to be funny. 38 minutes of nothing.

  • @dannyosrs3516 8 years ago

    skid

    • @timothyraquet 8 years ago +1

      That sums up most pentesters

    • @dannyosrs3516 8 years ago +1

      I know but lmao he basically did nothing. He just was like use this and this and you're a h4x0r which all of what he said is basic info

    • @ricardoruiz2597 8 years ago +2

      I feel like I just watched "An introduction to Kali Linux" by Brent White