Richard Dean of Portcullis and Sumit Siddharth of 7safe will be jointly speaking and presenting their findings on ‘The Art of Exploiting Logical Flaws in Web Apps’ at the Black Hat conference in Abu Dhabi, UAE. The conference will take place between the 3rd and 6th of December at the Emirates Palace.
The Black Hat Conference briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world – from the corporate and government sectors to academic and even underground researchers. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. Black Hat Conference remains the best and biggest event of its kind, unique in its ability to define tomorrow’s information security landscape.
Richard and Sumit were more than happy to share an overview of their talk with us.
‘THE ART OF EXPLOITING LOGICAL FLAWS IN WEB APPS’
In the last 5 or so years, we have seen a rapid demand for web application security testing. At times, security testers get blinded by the traditional input validation flaws such as Cross Site Scripting or SQL Injection and can at times ignore the most critical part of the pentest, which is assessing for logical flaws. Often logical flaws are seen/referred to as just parameter manipulation using a MiTM tool, but the reality is that logical flaws are all about understanding what the application does and then testing the logic. Over the years we have identified some insane logical flaws and we have decided to recreate some of our best logical flaw hacks so that others can learn from these. Some of these hacks will make you giggle, some might make you laugh and some will blow your mind off. These logical flaws are difficult to find and, living in the world of automated web app testing tools, it reiterates the fact that running a web app scanner can never be the same as a manual pentest. The 1-hour talk will give people enough pointers on how to identify logical flaws or where to look for these.
If you happen to be in the area and wish to attend, or generally would like to know more about the Black Hat event in Abu Dhabi, please visit for more information.