Domo Arigato, Mr. Roboto - Security Robots a la Unit-Testing

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Application Security Courses, Dynamic Analysis Courses, Static Analysis Courses

Course Description

Overview

Explore security testing methodologies and challenges in this Black Hat conference talk. Delve into the difficulties faced by both security and development industries in identifying vulnerabilities in custom code. Learn about current security tools, their weaknesses, and costs. Discover the potential of unit testing frameworks for security testing, including inoculating applications, maintaining functional states, and ensuring consistent responses. Gain insights from lessons learned, such as the complexities of math in security, developer knowledge, and identifying endpoints. Examine real-world examples of security payloads, encoding problems, and test generation techniques. Witness a demonstration of innovative approaches to security testing that bridge the gap between development and security practices.

Syllabus

Intro
Mr Roboto
Why Security Unit Testing
Flaws not exploits
Quantum Security BOTS
Agenda
Current Security Tools
Static Tools
Dynamic Tools
Weaknesses
Costs
UnitTesting Frameworks
Average Number of UnitTesting
Lack of UnitTesting
Java Spring
.NET
Django
Summary
Testing frameworks
Inoculating the application
Functional application
Authentication state
Consistent responses
Accessing HTML
Lessons Learned
Math is Hard
Developers Know Better
Identifying End Points
Chuck Norris
Sputter
Security payloads
Storytime
Admin Code
Single Character
XSS payloads
Encoding problems
Popup button
Random characters
Regular expression
Demo
Test Generation 4


Taught by

Black Hat
