AppSec Israel 2016 has ended
Back To Schedule
Monday, September 19 • 12:35 - 13:20
Java Hurdling: Obstacles and Techniques in Java Client Penetration-testing

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Testing java client applications is not always straightforward as testing web applications. Even under experienced hands, there might be obstacles coming your way; what if you cannot use a proxy? How do you MitM? What if you just can't? How do you modify the app to you benefit?

Fortunately, Java is still java. This lecture is based on a true story, and will follow an interesting case of pen-testing a known product; what tools and techniques can be used in order to jump over hurdles, all the way to the finish line.

The lecture aims to enrich the pentester's toolbox as well as mind, when facing java client applications; MitM-ing, run-time manipulations and patching the code are only some of the discussed cases.

In addition, a newly developed proxy for intercepting and tampering with TCP communication over TLS/SSL and bypassing certificate-pinning protections, will be introduced during the lecture.

avatar for Tal Melamed

Tal Melamed

Sr Director, Cloud Native Security Research, Contrast Security
With over 15 years’ experience in security research and engineering, Tal, Sr. Director at Contrast Security, possesses an unprecedented understanding of the Application and the Serverless Security landscape. Recently, Tal co-founded CloudEssence, a cloud-native security company... Read More →

Monday September 19, 2016 12:35 - 13:20 IDT
Room 10 - CS and Communications Building
  Track 2
  • Audience Breakers
  • Language Hebrew
  • Technical Level Intermediate / Advanced