James Kettle presents at OWASP AppSec Europe 2014
James Kettle is confirmed to speak at OWASP AppSec Europe on the 26th June.
His presentation is titled 'ActiveScan++: augmenting manual testing with attack proxy plugins', and will introduce ActiveScan++ and demonstrate how it can be used to easily identify complex vulnerabilities in real world applications.
James provides a short synopsis below:
Intercepting proxies sit at the heart of manual web application assessment, and gain unparalleled insight into websites' inner workings by monitoring the tester's interactions with them. This makes them the ideal location for code aiming to augment the manual testing process by automatically identifying vulnerability indicators.
I have created ActiveScan++, an open source Python plugin that integrates into Burp Suite and effectively assesses websites' susceptibility to a range of cutting edge attack techniques. This information is then presented to the tester, resulting in better informed attacks. The presentation will follow these attack techniques from the underlying mechanisms that make them work through to automated detection and manual exploitation demonstrations. It will also discuss the pros and pitfalls that can be found with the proxy-plugin approach to automated vulnerability hunting, and active research into some of the innovative attack techniques that this approach makes possible.
This tool will be publicly released with the presentation.
For more information on the event please click here.