Overview
Explore the intricacies of reverse engineering web applications in this 50-minute conference talk from LASCON 2011. Delve into testing guidelines, information gathering techniques, and the assessment phase. Examine various web development concepts including page controllers, query strings, Ruby, and front controllers. Analyze URL rewrite patterns and technology intersections to understand application behavior. Learn about psychoanalysis techniques, encoding types, and complex data structures in web applications. Discover how to interpret source code, exceptions, and timing patterns. Gain valuable insights on testing tips, asking the right questions, and removing metadata to enhance your web application security assessment skills.
Syllabus
Intro
What is reverse engineering
Testing guidelines
Assessment phase 1
Information gathering
Boyds Loop
Caveats
Web Developers
Compositions
Active Testing
Page Controller
Query Strings
Ruby
Front Controller
Compare and Contrast
URL Rewrite Patterns
Download Disqus
Technology Intersecting
Why Does This Matter
Understanding Behavior
Psychoanalysis
Where did you go
How did it get there
Encoding
Types
Complex Types
Source Code
Exceptions
Timing
Failure Patterns
Testing Tips
Asking Questions
Removing Metadata
Taught by
LASCON