YoVDO

Next Gen Web Pen Testing - Handling Modern Applications in a Penetration Test

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses
Software Development Courses
Application Security Courses
System Architecture Courses
HTTP/2 Courses

Course Description

Overview

Explore next-generation web penetration testing techniques for modern applications in this 58-minute conference talk from AppSecUSA 2016. Discover how to adapt testing methods to handle newer technologies such as HTTP/2, WebSockets, CORS, RESTful APIs, and Content Security Policy (CSP). Learn from industry experts Kevin Johnson and Jason Gillam about the details of each of these technologies and their impact on security testing. Gain insight into the testing considerations for each one, including the shift of focus toward the client side and the state of browser support. Understand how web applications and development practices have evolved, and how penetration testing must evolve to keep pace. The talk concludes with an introduction to the new modern vulnerable application and the release of SamuraiWTF 4.0, which provide practical tooling for applying these testing techniques.

Syllabus

Intro
Jason Gillam
Kevin Johnson
Web Applications Have Changed...
So has development...
We need to adapt!
HTTP/2 is a Big Upgrade
Testing HTTP/2
Testing Websockets
What's an "Origin"?
SOP Exceptions
Fetching a CORS Policy
CORS Pentest Considerations
Focus on the Client
REST Clients
Testing Considerations
Content Security Policy (CSP)
CSP Versions
Browser Support
Main Differences in 4.0


Taught by

OWASP Foundation
