DevSecCon Germany

Application Penetration Testing – Dos and Don’ts

WITH Tobias Glemser

“Penetration testing” – an attack simulation. So what actually is a penetration test? Why is a penetration tester not a paid hacker? How do I test applications efficiently? What are the risks?
The talk will present common testing methods, and practical shortcuts for applying them, to test faster and more efficiently. Pitfalls will be illustrated using real-life mishaps.
Questions that will be addressed include:
  • do I test against Dev/Stage/Prod?
  • at what point do I test in my project?
  • which roles and rights do I test?
  • why are the OWASP Top 10 not a good testing basis, but still a great document?
  • why are CAPTCHAs a challenge for testing?
  • do I test with or without a web application firewall?
  • what is horizontal and vertical rights escalation?
The insights of the presentation come from 20 years of project experience and hundreds of tested applications.
About our Guest
Tobias Glemser

Tobias Glemser, Managing Director of secuvera, is a BSI-certified penetration tester and Technical Manager for Penetration Testing. Mr. Glemser is the author of several technical articles in the magazines c’t and iX, among others, and a speaker at seminars and congresses (e.g. OWASP AppSec Germany, DevSec, secIT, Internet Security Days, it-sa). He has published various Security Advisories for vulnerabilities he found himself, e.g. in web applications and IoT devices. Mr. Glemser is chapter lead of the German chapter of the Open Web Application Security Project (OWASP).
