DevConf.US 2020 has ended
Registration is now OPEN! Please register as soon as possible! https://hopin.to/events/devconf-us

DevConf.US 2020 is the 3rd annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies coming to a web browser near you!
Back To Schedule
Friday, September 25 • 15:20 - 16:05
Web exploitation - Offensive way to Hunt Bugs

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

As a QE or Developer, we have the power. The power to find new bugs/flaws with the code, which others could not find and at the same time. In this talk, I will present how QE engineers, Developer or Anyone who is interested in filling CVE bugs can work proactively with InfoSec or ProdSec team to find some security vulnerabilities in different features of the web in functionality testing.
The agenda will be like:
* Goals of offensive bug hunting and what are some approaches to agressive bug hunting i.e burpsuite, ZAP etc
* Some common vulnerabilities to check for in your project i.e OWASP Top 10
* Attacks in Action ( Demonstration of video POC's ):
- Application-level Dos ( Denial of Service )
- Host Header Injection ( redirection, cache poisoning & password reset poisoning )
- URL/Open Redirection and etc.

avatar for Pritam Singh

Pritam Singh

Associate Quality Engineer, Red Hat, Inc.
Associate Quality Engineer at Red Hat, Passionate Security Tester, 2+ years of experience in reporting security vulnerabilities at numerous vulnerability disclosure programs.

Friday September 25, 2020 15:20 - 16:05 EDT
Pixies Virtual

Attendees (6)