Alyssa Herrera, STÖK, Corben Leo, Chloé Messdaghi (Moderator)
Abstract: Every security tester has some sort of methodology and toolset they use. This "secret sauce" is the essence of good security research. This panel is about disclosing those secrets. We will talk through successful tools and techniques used, what we focus on, and why. This is followed by topics such as advents in tooling, approaches to different types of applications, reconnaissance, vulnerability trends in bounty, and more. Attendees will leave this presentation with practical recommendations for hacking methodologies, tools, and tips to hack better. They will also hear about vulnerabilities commonly seen as edge cases that have been present on heavily tested sites, and about the upcoming challenges in the space.
This talk focuses on the present and future of bounty hunting and web hacking, so that bug hunters and penetration testers can be knowledgeable about the various trends in the environment. We will go over the changes to the web attack landscape and how web hackers can better find bugs in the web applications that are currently being developed.