
DSC Germany

Application Penetration Testing – Dos and Don’ts

with Tobias Glemser


“Penetration testing” – an attack simulation. So what actually is a penetration test? Why is a penetration tester not a paid hacker? How do I test applications efficiently? What are the risks?

The talk will present common methods and hacks of these methods to test faster and more efficiently. Pitfalls will be illustrated using real-life mishaps.

Questions that will be addressed include:
  • do I test against Dev/Stage/Prod?
  • at what point do I test in my project?
  • which roles and rights do I test?
  • why are the OWASP Top 10 not a good testing basis, but still a great document?
  • why are CAPTCHAs a challenge for testing?
  • do I test with or without a web application firewall?
  • what is horizontal and vertical rights escalation?
The insights of the presentation come from 20 years of project experience and hundreds of tested applications.


Application Security
Open Source Security
Secure Development
Security Transformation
Threat Modeling

Tobias Glemser

Managing Director/CEO at Secuvera GmbH

About Tobias Glemser

Tobias Glemser, Managing Director of secuvera, is a BSI-certified penetration tester and Technical Manager for Penetration Testing. Mr. Glemser is the author of several technical articles in the magazines c’t and iX, among others, and a speaker at seminars and congresses (e.g. OWASP AppSec Germany, DevSec, secIT, Internet Security Days, it-sa). He has published various Security Advisories for vulnerabilities he found himself, e.g. in web applications and IoT devices. Mr. Glemser is chapter lead of the German chapter of the Open Web Application Security Project (OWASP).
