Pen Testing With Iron presented at OWASP Appsec 2010

by Andrew Wilson (SpiderLabs @ Trustwave)

Tags: Application Security


Summary: By taking advantage of the new Dynamic Language Runtime (DLR) from Microsoft, many challenges in pen testing .NET-based applications are greatly simplified. The combination of dynamic and static languages drives toward a best-of-breed approach in testing .NET applications.

This talk will focus on practical methods of testing WCF services, Silverlight, and connected WPF Desktop applications using Python or Ruby via the Microsoft Iron* language ports. Specific topics covered will include increasing code visibility, simplified service proxy calls and overriding application behavior dynamically.

Additionally, since the DLR has nearly full support for running Python and Ruby applications, many familiar pen testing tools can be brought into an engagement to further enhance the testing of .NET applications.

Andrew Wilson: Andrew Wilson is a Security Consultant at Trustwave. He is a member of Trustwave's SpiderLabs, the advanced security team focused on penetration testing, incident response, and application security. He has over 9 years of experience building and securing software for a variety of companies. Andrew specializes in application security assessment, penetration testing, threat modeling and secure development life cycle. Andrew is active in the developer and security community as a speaker, a trainer, and as a leader of the Phoenix OWASP & Azure user groups. Andrew is recognized as a Microsoft MVP in Windows Azure.