Talk: Rebel against Complex Application Flow
I would be discussing scenarios that I have crossed paths with in my journey to being a pentester. I feel that most of the pentesters relay on intruders instead of logical findings and working dynamically. There should be at least some observational skills and programming skills to at least develop a script that can do the work for you. That can either be an encryption-decryption mechanism or a grep-and-match mechanism from response to a request. Automation with scripting is a necessity as the awareness of hardening application security is increasing. I would like to present a glimpse of how do we observe those mechanisms and build test-cases accordingly then try to perform attacks.