Tools for conducting application penetration tests have become increasingly advanced over the past decade. Yet with all this focus on bigger, badder and more specialized tools, it seems we,ve lost sight of the most effective tool in our arsenal, our own eyes. Performing reconnaissance on target applications is one of those concepts that many know exists but few seem to actually employ as part of an application penetration test. In this presentation, we,ll discuss how intelligence gathering can not only improve application assessments but in many cases can be the difference between a sparse report and pwn,ing the app. We,ll look at some common and some less than common methods for gathering intelligence on your target application. We,ll see some examples of how good reconnaissance techniques turned seemingly trivial applications into smoking piles of wreckage that left their owners dazed and confused.

Back to GrrCON 2015 video list