“Penetration testing” – an attack simulation. So what actually is a penetration test? Why is a penetration tester not a paid hacker? How do I test applications efficiently? What are the risks?
The talk will present common methods, and hacks for these methods, that make testing faster and more efficient. Pitfalls will be illustrated using real-life mishaps.
- do I test against Dev/Stage/Prod?
- at what point do I test in my project?
- which roles and rights do I test?
- why is the OWASP Top 10 not a good basis for testing, but still a great document?
- why are CAPTCHAs a challenge for testing?
- do I test with or without a web application firewall?
- what is horizontal and vertical privilege escalation?