Python Basics for Web App Pentesters

Registration | Hotel | Walter E. Washington Convention Center

The presentation

Take a break from those talks that overstimulate your brain with cool technical details but provide little use to your day to day job. This talk has none of that. The goal of this talk is to teach you basic python skills you can use every day. Join one of the SamuraiWTF project leads and learn how to interact with websites using python scripts and python shells. Understand the differences between the major HTTP libraries like httplib and urllib2. Walk through sample code that performs username harvesting and dictionary attacks. Learn how to use Python's multithreaded features to speed up your scripts. Fall in love with Beautiful Soup. And most importantly, discover PyCIT, a new opensource project that provides simple, documented, and functional python templates to accelerate your python scripting efforts.

The speaker

Justin Searle, a Senior Security Analyst with InGuardians, specializing in the penetration testing of web applications, networks, and embedded devices. Justin is an active member of ASAP-SG (Advanced Security Acceleration Project for the Smart Grid) and lead the Smart Grid Security Architecture group in the create of NIST Interagency Report 7628. Previously, Justin served as JetBlue Airway’s IT Security Architect, and has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities and corporations. Justin has presented at top security conferences including DEFCON, ToorCon, ShmooCon, and SANS. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudnum. Justin has an MBA in International Technology and is CISSP and SANS GIAC-certified in incident handling and hacker techniques (GCIH) and intrusion analysis (GCIA).