OWASP Israel 2008 Conference Shai Chen

Achilles’ heel – Hacking Through Java Protocols

Web applications normally use clear HTTP protocols to communicate, and can be manipulated with interception proxies such as Achilles, WebScarab and Paros. However, many modern applications utilize thick clients (such as applets) which are based on binary protocols that cannot be easily manipulated in such methods.

In this lecture we will present techniques for manipulating such applications, including new techniques for live manipulation of Java serialized protocols, allowing the tester to overcome many of the obstacles associated with the testing of such applications.

Bio

Shay Chen is Senior Consultant and Team Leader at Hacktics Ltd. In his current position in Hacktics, Shay Chen is leading a team of high-end penetration testers and consultants in the application security field. He has over seven years in information technology and security, including a strong background in software development. Shay is an experienced speaker, and regularly instructs a wide variety of security related courses. Before moving into the information security field, he was involved in various software development projects in ERP, mobile & enterprise environments.