2026 Speaker – Ehren Osborne

Please, oh please, stick to the RFCs

BSides Leeds logo and text, photo of Ehren Osborne, and the text 'I'm speaking on Track 2, Sat 13th June'

Track 2 – 11:05am

Name: Ehren Osborne
Company: KPMG UK
Job title: Penetration Tester

Bio

TBC

Talk Abstract

"Please, oh please, stick to the RFCs" is both my technical recommendation and a plea for my sanity while testing certain web applications. My talk will firstly explore some prerequisites, such as: my path to being a web application tester, what an RFC is, and what circumstances made me realise that this needed to be heard.

RFCs are written to guide the usage and application of protocols, with the HTTP-related RFCs being the main focus. I will highlight parts from the RFC that directly relate to vulnerability classes application testers frequently see, and discuss how, just like a software update, RFCs that are obsoleted are obsoleted for a good reason.

While I’m sure there will be at least one person in Leeds (most likely a colleague or friend I’ve convinced to attend), who would enjoy a pure RFC discussion, I prefer my talks to be practical. They’re built around stories and scenarios that shaped my mindset, including the path and people who influenced me along the way. Importantly, I will share real-life examples from tests I’ve conducted to back up my points and to show both how interesting the vulnerabilities caused by ignoring RFCs can be, and how frustrating they are to test in practice.

For the newer generation (either getting into or starting) of testers, you will hopefully learn a bit about RFCs, good application practice and hear some cool stories which may inspire a couple more web application testers!

For the current testers, particularly the app ones, you will share my pain of nonsensical application behaviour impacting testing, see a couple more "war stories" and might learn just a little bit more about some hidden details in the RFC!

Intended Audience

Current application testers, application developers and new testers.

How NSFW is this talk?

(How spicy is your talk in chillies?)

Low – probably a jalapeno 😀
