23 July 2021

DevSecCon Meetup: “Application Penetration Testing: DOs and DON’Ts”

DevSecCon Germany

Update: Watch the recording on YouTube

DevSecCon Germany invited us for the following talk: Application Penetration Testing: DOs and DON’Ts

“Penetration testing” – an attack simulation. So what actually is a penetration test? Why is a penetration tester not a paid hacker? How do I test applications efficiently? What are the risks?

The talk will present common methods and hacks of these methods to test faster and more efficiently. Pitfalls will be illustrated using real-life mishaps.

Questions that will be addressed include:

  • do I test against Dev/Stage/Prod?
  • at what point do I test in my project?
  • which roles and rights do I test?
  • why are the OWASP Top 10 not a good testing basis, but still a great document?
  • why are CAPTCHAs a challenge for testing?
  • do I test with or without a web application firewall?
  • what is horizontal and vertical privilege escalation?

The insights of the presentation come from 20 years of project experience and hundreds of tested applications.
