Groundspeed is an open source firefox add-on that allows you to manipulate the interface of web applications to adapt it to the penetration test needs. Find more about groundspeed here:

Last month I presented a webcast titled “Manipulating Web Application Interfaces” as part of the SANS webcast series. It is now available online in the SANS webcast archive here. You will have to sign in with your SANS portal account (free registration) in order to see the link to replay the webcast. The slides are available online here.

Here are the slides from the SANS webcast from April 19th. The PDF version will be available at the SANS website soon.

As soon as the recording is made available I will post a link here.

On April 19 (1pm EDT / 18h00 GMT) I will be talking about some of the ideas behind Groundspeed on a SANS webcast titled “Manipulating Web Application Interfaces“.

For a long time we have used the same approach to perform input validation on web applications. We have seen some nice improvements at the client side proxy level (remember the old Achilles proxy? Now think about Burp), but the overall idea remained the same: place a client proxy between the browser and the web server, generate requests, intercept them and modify the HTTP parameters.

Why was manipulating the HTTP request such a successful idea that today we still assume it’s the natural way to test input validation? Has the context that forced that solution changed? Or in other words, are we still subject to the same limitations we were then? Those are some of the questions I want to discuss.

You can find more information including a link to register for it here.