Complimentary security webcast today at SANS.org. Today, April 19, at 1:00 pm SANS presents “Manipulating Web Application Interfaces”:
Not much has changed since the beginning of the web application penetration testing in terms of process for performing manual input validation tests. Place a client proxy between the browser and the application, generate requests, intercept them and modify the HTTP parameters.
It’s true that we have seen some nice improvements at the client proxy level (compare the old Achilles to the last version of the Burp suite), but the general approach still remains the same. This webcast will propose a new way to look at input data and a new approach to manually test it. It will introduce Groundspeed, a Firefox add-on that allows the penetration tester to manipulate the interface of web applications in order to adapt it to the penetration test needs, removing the annoying client-side limitations and making the test more efficient.
– Felipe Moreno will present the webcast, he is a New York City security professional and a member of the Information Security Team at Markit Group. You need to register for the event before the webcast begins.