This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Pen Testing with Iron

Jump to: navigation, search


Registration | Hotel | Walter E. Washington Convention Center

The presentation

Owasp logo normal.jpg
By taking advantage of the new Dynamic Language Runtime (DLR) from Microsoft, many challenges in pen testing .NET based applications are greatly simplified. The combination of dynamic and static languages drives toward a best of breed approach in testing .NET applications.

This talk will focus on practical methods of testing WCF services, Silverlight, and connected WPF Desktop applications using Python or Ruby via the Microsoft Iron* language ports. Specific topics covered will include increasing code visibility, simplified service proxy calls and overriding application behavior dynamically.

Additionally, since the DLR has nearly full support for running python and ruby applications, many familiar pen testing tools can be brought into an engagement to further enhance the testing of .NET applications.

Andrew Wilson

Andrew Wilson is a Security Consultant at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 9 years experience building and securing software for a variety of companies. Andrew specializes in application security assessment, penetration testing, threat modeling and secure development life cycle. Andrew is active in the developer and security community as a speaker, a trainer, and as a leader of the Phoenix OWASP & Azure user groups. Andrew is recognized as a Microsoft MVP in Windows Azure.