Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
 
View analytic
Friday, September 25 • 1:00pm - 1:55pm
The Bug Hunters Methodology

Sign up or log in to save this to your schedule and see who's attending!

This is the live and hands on version of Jason's Defcon talk "How to Shot Web: Web and Mobile Hacking in 2015". Join Jason as he explores successful tactics and tools used by himself and the best bug hunters. Practical methodologies, scripts, and tips make you better at hacking websites and mobile apps. Whether you're trying to claim those bug bounty prizes or find high level vulnerabilities faster or more efficiently, this talk is for you! Convert edge-case vulnerabilities to practical pwnage even on presumably heavily tested sites. These are tips and tricks that the every-tester can take home and use. Jason will focus on philosophy, discovery, mapping, tactical fuzzing (XSS, SQLi, LFI, ++), CSRF, web services, and mobile vulnerabilities. In many cases we will explore these attacks down to the parameter, teaching the tester common places to look when searching for certain bugs. In addition he will cover common evasions to filters and as many time saving techniques he can fit in.

Speakers
avatar for Jason Haddix

Jason Haddix

Jason is the Director of Technical Operations at Bugcrowd. Jason trains and works with internal analysts to triage and validate hardcore vulnerabilities in mobile, web, and IoT applications/devices. He also works with Bugcrowd to improve the security industries relations with the researchers. Jason’s interests and areas of expertise include mobile penetration testing, black box web application auditing, network/infrastructural security... Read More →


Friday September 25, 2015 1:00pm - 1:55pm
Room E