Real World Web Penetration Testing - Webcast

In this video, Jason Gillam will walk attendees through a real world penetration test. We will explore the methodology and procedures Secure Ideas follows as we test web applications. The webcast will also walk through some tricks and tips on how to focus your testing on likely flaws.

Follow us on Socials:
Twitter: / secureideas
Facebook: / secureideasllc
LinkedIn: / secure-ideas

Timestamps:
0:00:00 - Start
0:01:10 - Opening (after technical difficulties) and introduction of Jason Gillam
0:02:35 - Who is Secure Ideas?
0:03:26 - What is “Professionally Evil”?
0:04:43 - Today’s Agenda
0:05:26 - If you are following along…
0:06:56 - Why is Application Security Important?
0:07:05 - The Obvious: Consumer-facing Business
0:09:47 - Why Focus on Application Security?
0:11:43 - Automated Tools vs Manual Pentest?
0:13:32 - Complexity of Testing by Vulnerability Type
0:17:21 - Penetration Testing Timeline
0:19:35 - Scoping: Why? Business/Purpose and Technology
0:24:12 - Test Type
0:26:34 - Preparing for a Test
0:29:02 - Kick-Off Meeting
0:31:38 - Formal and Weighted Methodology
0:37:43 - OWASP Top 10 - 2017 - Critical Application Security Risks
0:39:38 - What are we looking for?
0:42:45 - Interception Proxies
0:47:50 - Tester Notes
0:51:39 - Reporting
0:57:51 - Demo time and Questions - with SamuraiWTF, Burp Suite, Dojo-Basic and OWASP Juice Shop
1:46:20 - Closing - Questions, Comments, Suggestions