During a web application penetration test, a tester often encounters different technology stacks and security controls implementations that requires the use of different tools and testing approaches. While commercial tools are often available for these specific scenarios – these can be hard to get in a short time frame (and can be very costly if required for one-time use).
This session will introduce some of the freely available tools that can (and should) be used during a web application penetration test, when is best to use them, provide an introductory hand-on demonstration and some insight when best to (or not to) use that tool.