Thursday February 6, 2025 10:00am - 12:00pm MST
The focus in this workshop is on scripting in support of a webapp pentest. A good webapp pentest starts with a manual exploration of the target to get your bearings, of course. But once you have that, it's time to make the computer do some of the work for you.
 
We'll look at four areas:
 
1. Using the console in your browser's Developer Tools to leverage same-origin access to the application's resources to find out what's there. It's not all JavaScript: you can start in the console and end up in whatever language you want to do the heavy lifting.
 
2. Using jwt_tool to automate the common attacks against JSON Web Tokens.
 
3. Diving into cURL to find out how it can save you time and help produce clear and reliable direct evidence of how an application behaves.
 
4. Getting familiar with jq, a command-line utility for working with JSON data. Just as JavaScript has been taking over every aspect of web applications, JSON is displacing structured text in config files and just about everywhere else.
Speakers
BB King

BB started pentesting professionally in 2008 at the largest financial services company you’ve never heard of. As the second hire on the application security team, he helped define standards and grow the team to a group of more than 30 testers. Through teaching in that environment...
Matchless
