Railsberry chronicles: day 2 - The English penetration test (eventually the day I talk to 450+ oustanding developers)
Finally the day I gave the talk is arrived and it’s gone. Going on stage in front a more than 450 talented developers was an astonishing experience. It drove me crazy. My spoken English has limits on its own, but it in front of such crowd I seemed to be a scared 4 years old child.
However, talk was good afterall. Everything went well. Nothing broke during exposure, none of the people were harmed during the talk, no customer ewb applications were broken Internet is still working ( I guess ).
A particular mention to…
Kudos to https://twitter.com/felixge for his hacks and for great talk.
My slides and the videos
The code you need to play against a web application is:
$ gem install ciphersurfer $ gem install gengiscan $ gem install codesake_links $ gem install cross
The idea is that both dusk and dawn will be the core engines behind codesake.com application security startup, but it’s quite early to talk about it. The thing to remember is that the security engines will be opensource, ever.
So, I hope you enjoyed the talk. In case you missed, because you were not there, here is my slides:
With demo videos too.
Railsberry 2013 - Navigating the attack target after the information gathering stage
Railsberry 2013 - First XSS spotted in the wild
Railsberry 2013 - Information gathering
Railsberry 2013 - Bruteforce users login name
Railsberry 2013 - Find reflected XSS with cross