Exploit-Me for Fun and Profit

Expo Theatre (Hall G) October 21, 2008

Jamie Gamble
Tom Aratyn

The Exploit-Me suite of tools provides a powerful platform for testing websites for application vulnerabilities. Jamie Gamble and Tom Aratyn of Security Compass will demonstrate how the Exploit-Me tools could have been used to catch common vulnerabilities in real-world applications, and how they could have saved time and embarrassment.

We’ll start with a demonstration of the Exploit-Me tools being used to find a vulnerability in a commercial application. Target the page, click the button, and uncover a cross-site scripting vulnerability. Simple.

Following the initial demonstration, we’ll briefly introduce the common problems and vulnerabilities that are plaguing web applications today. We’ll touch on how penetration testers typically uncover these security holes through manual testing. This will lead into an introduction of the Exploit-Me tools: their names, their jobs, and our goals for their future.

Once you’re familiar with the tools, we’ll discuss various vulnerabilities that have been identified in web applications and demonstrate how the Exploit-Me tools can help discover similar vulnerabilities during the application development and testing phases. Using examples of vulnerable applications, the presentation engages the audience in a discussion of how the Exploit-Me suite of tools can help testers and developers save time.