Under The Radar Web App Recon presented at Kiwicon 2012

by Dean "tecnik" Jerkovich

Tags: Security

Summary: Whether you're part of the next LulzSec trying to loot a defence contractor or you're a QSA doing pre-engagement scoping, being able to hunt down security vulnerabilities and perform reconnaissance against a web application with zero chance of being detected is useful. This talk will cover off what types of things you can find (as well as the limitations) when poking around in someone else's web app appearing as nothing more than a regular web browser, and will be accompanied by the release of a tool for doing this.