4 Days Left to Save $400 on SANSFIRE 2017

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

HTTP/2 & Websockets Are Gonna Change the Pen Test World. Are You Ready?

  • Wednesday, April 13th, 2016 at 11:00 AM EDT (15:00:00 UTC)
  • Justin Searle and Adrien de Beaupre
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

Modern web applications more and more make use of websockets or HTTP/2 to deliver real time and richer content to their clients. As penetration testers, we not only have to be aware of these newer protocols, we have to adapt to testing them, and the unique and fascinating attack surface they provide. Unfortunately the tools we typically use have not adapted to the new reality quite yet. Tune in to hear advanced web application penetration techniques for HTTP/2 and Websockets from the authors who literally write and deliver the SANS course on the topic.

Speaker Bios

Justin Searle

Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).


Adrien de Beaupre

Adrien de Beaupre is a certified SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes technical instruction, vulnerability assessment, penetration testing, intrusion detection, incident response, and forensic analysis. He is a member of the SANS Internet Storm Center (isc.sans.edu). Adrien is actively involved with the information security community, and organizes the #BSidesOttawa conference. When not geeking out and breaking stuff he can be found with his family, or at the dojo.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.