Loading…
RVAsec 2018 has ended
View analytic
Thursday, June 7 • 2:00pm - 2:50pm
From Web App to ATM: Why the Basics Matter

Log in to save this to your schedule and see who's attending!

Feedback form is now closed.
This is a technical application security discussion for junior penetration testers or anyone interested in the world of penetration testing. Advanced members of the community are welcome, but the content is geared at newer testers. From Web App to ATM will showcase a penetration test I performed where the only previous work done was web vulnerability scanners that completely missed the iceberg lurking just below the water. In this talk I will cover some "back to basics" of web app security and show real world examples of critical applications exposing these flaws. Unauthenticated APIs, forceful browsing, privilege escalation, and total ownage of ATMs managed by this app are all up for discussion.

Speakers
avatar for Travis McCormack

Travis McCormack

Lead Specialist, Security Testing, Walmart
Travis has 10 years of experience in information security roles. Starting out as a Network Administrator and later SOC Analyst he has built his experience and knowledge up through blue teaming before deciding to try out offensive security. Travis has spent the past 2 years as a penetration... Read More →


Thursday June 7, 2018 2:00pm - 2:50pm
Ballroom