Presentation Summary

Penetration Testing of Web Applications

Level: Intermediate
Track: n/a
Starts: Sep 29 2007 1:15 PM
Ends: Sep 29 2007 2:45 PM
Room: MPR-B
Speaker: Robert Hurlbut

Penetration testing is the process of analyzing applications and infrastructures through the eyes of an attacker, using exactly the same techniques and tools an attacker would use. This session gives the theory behind auditing and penetration/security testing and introduces proven methodologies. Common programming pitfalls like input validation flaws (including SQL injection, cross-site scripting and directory traversal), ASP.NET misconfigurations and overall "hackable" application designs are shown with a detailed explanation of how to exploit these security holes. We will also briefly cover testing of web services applications. After this session you will have the knowledge to start testing your own web applications for security problems and to use tools to automate these tests.

Technical Areas

  • ASP.NET
  • Security
  • Web Services
  • Windows Communication Foundation (WCF)
© 2006-2007 thedevcommunity.org (Version: 1.0.021)