Web exploitation - Offensive way to Hunt Bugs
Application security testing is the act of proactively finding security vulnerabilities and responsibly disclosing them to the security team in an ethical way.
The audience will learn most of the OWASP Top 10 vulnerabilities and the basics of Application Security Testing (AST) with the Burp Suite tool,
which will help them look for security vulnerabilities in our own product and code.
The agenda is as follows:
* Goal and introduction to the Burp Suite tool
* Common Vulnerabilities in OWASP Top 10
* Demonstration of web vulnerabilities exploitation:
  - XSS and different endpoints to exploit it
  - Host Header Injection (redirection, cache poisoning & password reset poisoning)
  - URL/Open Redirection
  - Parameter Tampering
  - Email spoofing/Missing or insufficient SPF record
and many more.
Pritam is an Associate QE with Red Hat. He is a security researcher and WebApp security tester, and has experience in finding numerous vulnerabilities in responsible disclosure programs.