AppSec Israel 2016 has ended
Back To Schedule
Monday, September 19 • 12:35 - 13:20
Java Hurdling: Obstacles and Techniques in Java Client Penetration-testing

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Testing java client applications is not always straightforward as testing web applications. Even under experienced hands, there might be obstacles coming your way; what if you cannot use a proxy? How do you MitM? What if you just can't? How do you modify the app to you benefit?

Fortunately, Java is still java. This lecture is based on a true story, and will follow an interesting case of pen-testing a known product; what tools and techniques can be used in order to jump over hurdles, all the way to the finish line.

The lecture aims to enrich the pentester's toolbox as well as mind, when facing java client applications; MitM-ing, run-time manipulations and patching the code are only some of the discussed cases.

In addition, a newly developed proxy for intercepting and tampering with TCP communication over TLS/SSL and bypassing certificate-pinning protections, will be introduced during the lecture.

avatar for Tal Melamed

Tal Melamed

Head of Security Research, Protego Labs
In the past year, Tal Melamed been experimenting in offensive and defensive security for the serverless technology, as part of his role as Head of Security Research at Protego Labs. Specializing in AppSec, he has more than 15 years of experience in security research and vulnerability... Read More →

Monday September 19, 2016 12:35 - 13:20 IDT
Room 10 - CS and Communications Building
  Track 2
  • Audience Breakers
  • Language Hebrew
  • Technical Level Intermediate / Advanced