AppSec Israel 2016 has ended
Monday, September 19 • 12:35 - 13:20
Java Hurdling: Obstacles and Techniques in Java Client Penetration-testing


Testing Java client applications is not always as straightforward as testing web applications. Even in experienced hands, obstacles may come your way: what if you cannot use a proxy? How do you MitM? What if you just can't? How do you modify the app to your benefit?

Fortunately, Java is still Java. This lecture is based on a true story and will follow an interesting case of pen-testing a known product: what tools and techniques can be used to jump over hurdles, all the way to the finish line.

The lecture aims to enrich the pentester's toolbox, as well as mind, when facing Java client applications; MitM-ing, run-time manipulations and patching the code are only some of the cases discussed.

In addition, a newly developed proxy for intercepting and tampering with TCP communication over TLS/SSL and bypassing certificate-pinning protections will be introduced during the lecture.

Speakers

Tal Melamed

Sr Director, Cloud Native Security Research, Contrast Security
With over 15 years’ experience in security research and engineering, Tal, Sr. Director at Contrast Security, possesses an unprecedented understanding of the Application and the Serverless Security landscape. Recently, Tal co-founded CloudEssence, a cloud-native security company...



Monday September 19, 2016 12:35 - 13:20 IDT
Room 10 - CS and Communications Building
  Track 2
  • Audience Breakers
  • Language Hebrew
  • Technical Level Intermediate / Advanced