Thinking Like an Attacker
Nick Le Mouton
February 05, 2018
Technology
Transcript
Thinking Like an Attacker (Hacking Your Own Organisation)
# whoami
• Nick Le Mouton (@noodlesnz)
• CTO Drugs.com
• Developer
• Security
• Operations
Googlebot
A2:2017 Broken Authentication
• Disconnect between security and developers
• Security finds vulnerabilities
• Developers fix vulnerabilities
• Security often doesn't pass on how it found the vulnerabilities in the first place
• Developers are in the best position to attack an application
• Shift mindset
• Logic and knowledge
Object Injection Example
• A8:2017 Insecure Deserialization
GuzzleHttp\Cookie\CookieJar
Payload
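The slide above names the class that appeared in the talk's deserialization payload (GuzzleHttp\Cookie\CookieJar) but does not show the surrounding code. The PHP below is an added example, not code from the talk or from Guzzle: it uses a constructed class (ProfileCache) and a constructed serialized string to show why passing attacker-controlled input to unserialize() lets the attacker choose which class is instantiated, and what the hardened alternatives look like (allowed_classes disabled, or JSON instead of PHP serialization). It assumes PHP 8.0 or newer.

```php
<?php
// Added example (not from the talk): deserializing untrusted input with
// unserialize() versus doing so with object construction disabled.
// ProfileCache and the serialized string are constructed for this demo.

declare(strict_types=1);

// A class with a magic method that runs automatically on destruction.
// Real code bases contain many such classes (loggers, cookie jars, caches);
// whoever controls a serialized string can pick any loaded class as the
// object that gets built, and its magic methods then run with their data.
final class ProfileCache
{
    public string $path = '/tmp/profile-cache';

    public function __destruct()
    {
        // Stand-in for a side effect (writing a file, etc.) that an
        // attacker-chosen object would trigger without the app calling it.
        echo "ProfileCache::__destruct would write to {$this->path}\n";
    }
}

// Constructed sample of attacker-controlled input: a serialized ProfileCache
// whose property was altered. In the talk the class in the payload was
// GuzzleHttp\Cookie\CookieJar; the shape of the problem is identical.
$untrusted = 'O:12:"ProfileCache":1:{s:4:"path";s:16:"/var/www/app.php";}';

// VULNERABLE: any class name in the string is instantiated, and its magic
// methods (__wakeup, __destruct, __toString, ...) run on attacker data.
function loadVulnerable(string $data): mixed
{
    return unserialize($data);
}

// HARDENED: refuse to build objects at all. Objects in the input come back as
// __PHP_Incomplete_Class, whose magic methods never fire, and are rejected.
// Only plain arrays of scalars are accepted as session/profile data here.
function loadHardened(string $data): ?array
{
    $value = unserialize($data, ['allowed_classes' => false]);
    if (!is_array($value)) {
        return null; // false on parse failure, or a (neutralised) object
    }
    array_walk_recursive($value, function ($v): void {
        if (is_object($v)) {
            throw new UnexpectedValueException('objects are not allowed in profile data');
        }
    });
    return $value;
}

// PREFERRED: a data-only format has no notion of classes, so there is no
// object to inject. json_decode() with assoc=true yields arrays only.
function loadJson(string $data): ?array
{
    $value = json_decode($data, true, 512, JSON_THROW_ON_ERROR);
    return is_array($value) ? $value : null;
}

// Demo: the hardened loaders reject the payload; the vulnerable one lets
// the attacker's object exist, so its destructor fires when it is released.
var_dump(loadHardened($untrusted));
var_dump(loadJson('{"theme":"dark","lang":"en"}'));
$obj = loadVulnerable($untrusted);
unset($obj); // __destruct runs here with the attacker-supplied path
```

The takeaway for code review is the first argument of unserialize(): if it can be influenced by a user (cookie, form field, cached blob written from user data), either the second argument must disable classes or the format should be swapped for JSON. A scanner that only checks for known gadget classes will miss the underlying pattern, which is what the talk's "shift mindset" point is about.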
Blind XSS
• A7:2017 Cross-Site Scripting (XSS)
• Security scan shows no XSS vulnerability
XSS Hunter
So How Can I Do That?
• Offensive Security courses
• Hack Yourself First by Troy Hunt (pluralsight.com)
• https://infosec101.nz/
• Start hacking things, find out what works and what doesn't
• Damn Vulnerable Web Application (DVWA)
• OWASP Juice Shop Project
CTFs
• CTFLearn.com
• Find upcoming online CTFs on ctftime.org
• Read write-ups at ctftime.org/writeups
Thank You