Tuesday, July 7, 2015

BSides Iowa 2015 - Intro to Web App Pen Testing with Mutillidae

Welcome to my INFOSEC encyclopedia site! As I continue to learn and grow as an InfoSec professional, I find it helpful to transfer what I learn to this site for future reference (for myself as well as others!). My intent is to create a reserve of IT security topics as well as any interesting crossover topics that I find. I will stockpile info and links for topics on web app pen testing, CTF challenges and more!

The BSides Iowa 2015 security conference in April was a worthwhile event to attend, with a lot of great talks. These included an assessment of malware analysis network appliances, malware analysis of an exploit kit, and integrating a vulnerability scanner into the SDLC process. I was fortunate enough to be selected during the CFP (call for papers) to do my talk titled "Intro to Web App Pen Testing with Mutillidae". This talk was an introduction to web app penetration testing. I recommend Mutillidae to anyone currently working with web app pen testing or anyone who is interested in it and wants to know how to do it.

Mutillidae is an OWASP project that aims to help testers break into a web app/site and exploit various intentional vulnerabilities. As the testers get better at exploiting the low-hanging fruit, they can harden the app to be like a production-ready system, with varying levels in between. This lets the tester progress from a more contrived system to something closer to what they would more than likely see in the field. Mutillidae is also a great resource because it teaches the tester in various ways, with hints, tutorials and easy-to-test pages.
