Update: Watch the re-live on YouTube
DevSecCon Germany invited us to give the following talk: Application Penetration Testing: DOs and DON'Ts
"Penetration testing" is an attack simulation. So what actually is a penetration test? Why is a penetration tester not a paid hacker? How do I test applications efficiently? What are the risks?
The talk presents common testing methods, along with tricks for applying them, to test faster and more efficiently. Pitfalls are illustrated with real-life mishaps.
Questions that will be addressed include:
- do I test against Dev/Stage/Prod?
- at what point do I test in my project?
- which roles and rights do I test?
- why are the OWASP Top 10 not a good basis for a test plan, yet still a great document?
- why are CAPTCHAs a challenge for testing?
- do I test with or without a web application firewall?
- what is horizontal and vertical privilege escalation?
The presentation draws on 20 years of project experience and hundreds of tested applications.