Talking about Groundspeed on SANS webcast (April 19th 1PM ET) « Groundspeed, a firefox add-on for web application security testers

April 3rd, 2010

Talking about Groundspeed on SANS webcast (April 19th 1PM ET)

On April 19 (1pm EDT / 18h00 GMT) I will be talking about some of the ideas behind Groundspeed on a SANS webcast titled “Manipulating Web Application Interfaces“.

For a long time we have used the same approach to perform input validation on web applications. We have seen some nice improvements at the client side proxy level (remember the old Achilles proxy? Now think about Burp), but the overall idea remained the same: place a client proxy between the browser and the web server, generate requests, intercept them and modify the HTTP parameters.

Why was manipulating the HTTP request such a successful idea that today we still assume it’s the natural way to test input validation? Has the context that forced that solution changed? Or in other words, are we still subject to the same limitations we were then? Those are some of the questions I want to discuss.

You can find more information including a link to register for it here.

This entry was posted on Saturday, April 3rd, 2010 at 7:28 am and is filed under Announcements. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

Click to download and install Groundspeed from the Mozilla Add-on site:

More information

Groundspeed Stuff

About the Author

Felipe lives in New York City and works as an information security architect for a financial services company. Groundspeed and this website are part of a personal project and the opinions expressed here represent my own and not those of my employer.

More info

Groundspeed is an open source tool available under a BSD license and is furnished "as is" and the author makes no warranties and assumes no responsibilities.

Everything written, all the screenshots and all the videos are available under a Creative Commons license