It has been a long time since you have heard from me :-(
I am quite excited to share the news that I will be at Black Hat UAE 2012 to present a new talk titled 'The Art of Exploiting Logical Flaws'. As most of you would agree, application pentests are getting more challenging every day. Automated tools are now part and parcel of every pentester's arsenal, but do these tools have enough intelligence built into them to identify core logic flaws? Even the OWASP Top 10 does not have any mention of logic flaws. While there are some examples on the internet of using a MiTM tool to manipulate requests (e.g. the price of a product on an e-commerce site), these are all a bit too common/outdated. We will show some cool logical flaws which we have found in real-life pentests and hope that the audience can benefit from these.
More details here: http://blackhat.com/ad-12/briefings.html#Siddharth
Secondly, and rather more importantly, what makes this talk really special is that I will be speaking alongside Richard Dean, who heads the penetration testing team at Portcullis Computer Security. How often do you see two researchers from different firms, who usually compete with each other, work alongside each other and produce good results? I think it is really great to see the 2 companies (7Safe and Portcullis Computer Security) supporting our talk, and many thanks to the directors of these firms. I hope other companies will also follow the same path.
See you in Emirates Palace, Abu Dhabi!!!!