Mehis Hakkaja – Manual WebApp Pentesting Fun Stories (with hacking demos)
TTS
We all make mistakes, but when you look at someone else's WebApp from a penetration tester's point of view, you are bound to get a good laugh. Manual penetration testing is the only proper way to test WebApps and creative, out-of-the-box thinking allows pentesters to see simple things that developers do not often see for themselves themselves. Of course there is also no avoiding the many mistakes that keep just repeating. This is an "edutainment" style talk, not to really make fun of developers, but to help them think a bit differently about their code and what their simple mistakes can lead to. The talk will be augmented with fun "war-stories" and live hacking demos of web attacks and also some resulting computer takeover's.
source
Gloss