Modern web applications more and more make use of websockets or HTTP/2 to deliver real time and richer content to their clients. As penetration testers, we not only have to be aware of these newer protocols, we have to adapt to testing them, and the unique and fascinating attack surface they provide. Unfortunately the tools we typically use have not adapted to the new reality quite yet. Tune in to hear advanced web application penetration techniques for HTTP/2 and Websockets from the authors who literally write and deliver the SANS course on the topic.