AppSecUSA 2015 has ended
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
Back To Schedule
Friday, September 25 • 1:00pm - 1:55pm
The Bug Hunters Methodology

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

This is the live and hands on version of Jason's Defcon talk "How to Shot Web: Web and Mobile Hacking in 2015". Join Jason as he explores successful tactics and tools used by himself and the best bug hunters. Practical methodologies, scripts, and tips make you better at hacking websites and mobile apps. Whether you're trying to claim those bug bounty prizes or find high level vulnerabilities faster or more efficiently, this talk is for you! Convert edge-case vulnerabilities to practical pwnage even on presumably heavily tested sites. These are tips and tricks that the every-tester can take home and use. Jason will focus on philosophy, discovery, mapping, tactical fuzzing (XSS, SQLi, LFI, ++), CSRF, web services, and mobile vulnerabilities. In many cases we will explore these attacks down to the parameter, teaching the tester common places to look when searching for certain bugs. In addition he will cover common evasions to filters and as many time saving techniques he can fit in.

avatar for Jason Haddix

Jason Haddix

Director, Speaker
Father, hacker, educator, gamer, & nerd.  I am passionate about information security. Not only is security my career focus but it’s my hobby. I absolutely love my job.In my previous role as Director of Penetration Testing I led efforts on matters of information security consulting... Read More →

Friday September 25, 2015 1:00pm - 1:55pm PDT
Room E