SQL injection, password cracking, session hijacking... As a developer, you've probably heard of some of these terms, and might be aware of the basic measures to counter them. But how does a hacker execute such attacks? What tools do they use? And how easy would it be to attack your own application? By starting to think like our adversaries, we have a better chance of finding vulnerabilities in our software before they can be exploited.
In this talk we will look at a few tools used by attackers and ethical hackers alike to find (and exploit) vulnerabilities in web applications. By the end of the talk, you will have a better understanding of how an attacker might target your application and how you can use the same tools to discover vulnerabilities yourself first.
This talk is aimed at developers who want to learn more about how they can use penetration testing to improve the security of their applications.