How do you choose what topic to research? That’s the single most common question I get asked, probably because selecting a topic is such a daunting prospect. In this post, I’ll take a personal look at how I select topics for security research. As a case study, I’ll use my latest research, which will be presented at Black Hat USA and DEF CON this August:

Smashing the State Machine: the True Potential of Web Race Conditions

The hardest part

Before we start, I should mention that I firmly believe that choosing a topic is not the hardest part of web security research. I’ve spoken to so many people who have cool ideas but never attempt to execute them. On the rare occasion that someone does mention a research idea that I think is doomed from the outset, it’s clear that attempting it will still provide them with a major learning experience - hardly a terrible outcome.

In fact, I don’t think that coming up with research ideas is the hard part either. Once you start researching, you’ll likely find every topic you explore leaves you with ideas for three more projects.

Based on my in-depth knowledge of both Burp Suite and its extensions, this talk aims to provide bug hunters and pentesters with a set of useful strategies. The underlying goal is to increase the efficiency of the testing workflow (in terms of both capabilities and speed). I presented a similar talk in 2013, but the tool and its ecosystem changed significantly since then.

- Improved usage of the Burp Suite GUI, from modifying default settings to increasing the speed of interaction (including hotkeys)
- Automation of recurrent tasks, mainly the transparent management of sessions (via both cookies and headers like JWT) and CSRF tokens
- Essential extensions like Hackvertor, Piper and Burp Bounty
- Efficiently find authorization bugs, on both APIs and web apps
- Niche knowledge about Collaborator (correlation) and Intruder (placeholders in wordlists)
- Poor-man automation pipeline, from a list of domains to findings
- Evergreen pieces of advice (on performances and live monitoring)
- How to stay up to date (a list of relevant online resources)

The talk includes self-hosted demos illustrating its most critical points.