May 17-18, 2018
Park Inn by Radisson Pulkovskaya
Pobedy Square 1, St. Petersburg

Web security testing starter kit

Day 2 / Hall 1 / RU / Introduction to technology

During the talk, we'll cover a simple course of action that allows you to make your web application safer.

We'll learn how to search for vulnerabilities and what threats they pose to users and services, with more detail on the most common ones: XSS, SQL injection, SSRF, XXE.

We'll also touch on the Burp Suite tool, which makes the process of finding vulnerabilities easier.

This talk will be useful both for developers (it will help them understand the root cause of issues) and for QAs (it will help them understand how to search for vulnerabilities). Top managers will be able to understand the threats that vulnerabilities carry and reconsider the value of the web application security process.

At the end of the talk, the participants will have the basic knowledge needed for web application security testing.

Andrey Leonov

Has been searching for vulnerabilities in web applications for the last ten years. Has participated in many Bug Bounty programs. Most of all likes business logic issues, where an application works as coded but not as the developer wanted. At SEMrush, works on the Security Team, responsible for product security, work infrastructure safety and many other things.