Railsberry chronicles: day 2 - The English penetration test (eventually the day I talk to 450+ oustanding developers)

Finally the day I gave the talk is arrived and it’s gone. Going on stage in front a more than 450 talented developers was an astonishing experience. It drove me crazy. My spoken English has limits on its own, but it in front of such crowd I seemed to be a scared 4 years old child.

However, talk was good afterall. Everything went well. Nothing broke during exposure, none of the people were harmed during the talk, no customer ewb applications were broken Internet is still working ( I guess ).

A particular mention to…

Felix Geisendoerfer gave us today an oustanding talk about to make an http://nodecopter.com/ to fly controlled by javascript or any other programming language.

Kudos to https://twitter.com/felixge for his hacks and for great talk.

My slides and the videos

The code you need to play against a web application is:

$ gem install ciphersurfer
$ gem install gengiscan
$ gem install codesake_links
$ gem install cross

Soon cross, gengiscan and ciphersurfer will but under the codesake project and eventually it will integrate into the dusk tool (repository is not created).

dawn code review tool is going to be soon updated with testing for CVE-2013-1800.

The idea is that both dusk and dawn will be the core engines behind codesake.com application security startup, but it’s quite early to talk about it. The thing to remember is that the security engines will be opensource, ever.

So, I hope you enjoyed the talk. In case you missed, because you were not there, here is my slides

With demo videos too.

Railsberry 2013 - Navigating the attack target after the information gathering stage

Railsberry 2013 - First XSS spotted in the wild

Railsberry 2013 - Information gathering

Railsberry 2013 - Bruteforce users login name

Railsberry 2013 - Find reflected XSS with cross

If you have any questions, comments or criticisms please use my ask me anything box on github.

Enjoy it!

comments powered by Disqus