Since the first caveman fashioned a spear, humans have been using tools to make themselves more efficient and effective. Unfortunately, today's analysts often misunderstand the role tools play in testing web applications. While tools can be quite good at mapping a web application's attack surface, much human analysis is still required to find the elusive defects that lie just below the surface. That human analysis is daunting and irregular … until now.
The answer is an execution-flow-based approach to application security testing. By first understanding application logic and execution flow, it is possible to completely map a web application's attack surface and therefore fully test the application. Along the way we will cover the principles of application-flow analysis, application process mapping, and building execution-flow diagrams (EFDs), which together form a complete picture of the web application and allow an analyst to do a thorough job. This talk focuses on how to get the whole picture of the application by mapping its logic and execution flow and uncovering potentially critical defects.