AppSec Israel 2016: Java Hurdling: Obstacles and Techniques...

Java Hurdling: Obstacles and Techniques in Java Client Penetration-testing

Testing java client applications is not always straightforward as testing web applications. Even under experienced hands, there might be obstacles coming your way; what if you cannot use a proxy? How do you MitM? What if you just can't? How do you modify the app to you benefit?

Fortunately, Java is still java. This lecture is based on a true story, and will follow an interesting case of pen-testing a known product; what tools and techniques can be used in order to jump over hurdles, all the way to the finish line.

The lecture aims to enrich the pentester's toolbox as well as mind, when facing java client applications; MitM-ing, run-time manipulations and patching the code are only some of the discussed cases.

In addition, a newly developed proxy for intercepting and tampering with TCP communication over TLS/SSL and bypassing certificate-pinning protections, will be introduced during the lecture.

Speakers

Tal Melamed

Head of Security Research, Protego Labs

In the past year, Tal Melamed been experimenting in offensive and defensive security for the serverless technology, as part of his role as Head of Security Research at Protego Labs. Specializing in AppSec, he has more than 15 years of experience in security research and vulnerability... Read More →

intro Java Hurdling pdf

Monday September 19, 2016 12:35 - 13:20
Room 10 - CS and Communications Building

Track 2

Audience Breakers
Language Hebrew
Technical Level Intermediate / Advanced

Attendees (52)

R
A
R
Y
E
A
A
N
D
J
a
N
t
R
E
M
Y
i
D
T
M
D
A
A
I
View All →

AppSec Israel 2016

Log in to save this to your schedule and see who's attending!

Tal Melamed

Attendees (52)

Recently Active Attendees