Defeating The Intercepting Web Proxy
•
2 recomendaciones•442 vistas
Presented at HITB Amsterdam 2013, this presentation goes in detail why using web interception proxies is not always the best approach when doing web application security testing.
Recomendados
Recomendados
Más contenido relacionado
Más de Websecurify
Más de Websecurify (10)
Último
Último (20)
Defeating The Intercepting Web Proxy
- 1. Defeating The Intercepting Web Proxy A Glimpse Into the Next Generation of Web Security Tools Wednesday, 10 April 13
- 2. Who is this talk for? Wednesday, 10 April 13
- 3. Why web proxies? Wednesday, 10 April 13
- 4. •Proxies are basic tools. •They are general purpose. •Provide visibility of the comms. Wednesday, 10 April 13
- 5. Written in Java! Wednesday, 10 April 13
- 7. Large files are no fun! Wednesday, 10 April 13
- 8. No pipelining! Wednesday, 10 April 13
- 9. WebSocket are no go! Wednesday, 10 April 13
- 10. Plain auth is pain! Wednesday, 10 April 13
- 11. SSL auth is pain! Wednesday, 10 April 13
- 12. Custom auth is no! Wednesday, 10 April 13
- 13. It takes time to setup! Wednesday, 10 April 13
- 14. Everything is just a request and a response. No understandings of the app purpose and function. Wednesday, 10 April 13
- 15. Does it pass grandma’s test for Ease of Use? Wednesday, 10 April 13
- 16. Charles Darwin It is not the strongest of the species that survives, nor the most intelligent, but the one most responsive to change. Wednesday, 10 April 13
- 17. Innovation ended with Achilles! Wednesday, 10 April 13
- 18. This is how web apps will look like in 2 years. Wednesday, 10 April 13
- 19. Unreal3 engine is ported to asm.js. Wednesday, 10 April 13
- 20. The most powerful client ever built. Wednesday, 10 April 13
- 21. HTML5 Wednesday, 10 April 13
- 23. NECKO, XPCOM Wednesday, 10 April 13
- 24. Chrome APIs Wednesday, 10 April 13
- 25. To Da Rescue Wednesday, 10 April 13
- 26. Web Security Testing Reinvented Wednesday, 10 April 13
- 27. •AttackAPI 2005/2006 •Technika 2006/2007 •Weaponry 2008/2009 •Websecurify Suite 2011/- Wednesday, 10 April 13
- 28. Suite Wednesday, 10 April 13
- 29. Runs In The Browser Runs In The Cloud Instant Queued Proactive Reactive Online/Offline Online SAASWEBSECURIFY Wednesday, 10 April 13
- 30. See what they do. Wednesday, 10 April 13
- 33. Code TargetExt. Wednesday, 10 April 13
- 34. Code TargetExt. Worker Wednesday, 10 April 13
- 35. •Ability to send requests. •Ability to intercept transactions. •Ability to access low level APIs. Wednesday, 10 April 13
- 36. DEMOS Wednesday, 10 April 13
- 37. Building It Up Wednesday, 10 April 13
- 39. What is next? Wednesday, 10 April 13
- 40. Q&A Wednesday, 10 April 13