Petko D. Petkov (Founder, GNUCITIZEN)
PRESENTATION TITLE: Defeating the Intercepting Web Proxy – A Glimpse Into the Next Generation of Web Security Tools
PRESENTATION ABSTRACT:
This presentation will give information security professionals and enthusiasts an opportunity to explore new tricks and techniques for performing web application security assessments and penetration tests without using any intercepting proxies or any other standard tools. We will explore the weird and wonderful world of web browsers, the modern web application stack and rich web APIs to create a powerful web application security testing environment.
Attendees will get first-hand exposure to brand new tools and techniques. The talk is not only educational but also provides a glimpse into the next generation of web security technologies and will include the following topics and much more:
- New developments in the HTTP proxy world.
- Replacement tools for standard HTTP proxies using browser technologies.
- Performing large-scale security assessments with Node.js – i.e. scanning the web in 30 minutes.
- Exploitation demos of various web technologies using nothing but web browsers.