lecture: Testing stateful web application workflows
The talk introduces a problem we've been facing more and more while testing complex web applications, and shows two working solutions. Burp Suite is known by most and used by many professionals in this field, so its GUI-based features are presented first. But as Burp is far from a one-size-fits-all solution, an alternative is shown that combines mitmproxy and commix, a dynamic duo that can not only detect but also exploit the issues. To make things easier to demonstrate (and for readers to replicate and improve), an intentionally vulnerable web application was developed that, unlike the aforementioned complex apps, requires minimal effort to deploy, lowering the bar for developing tools that can later be used in enterprise environments.
Info
Day: 2016-08-18
Start time: 16:45
Duration: 00:45
Room: Klapka
Track: NETSEC
Links:
- iCalendar
- Paper
- Recording (YouTube)
- Recording (MKV download, Amazon S3 Frankfurt)
- Recording (MKV download, endre's mirror, Hungary)
Speakers
dnet