Securing Web Applications - Using Intercepting Proxies for Fun & Profit

by Douglas Frank and Daniel Sandau | at MinneBar 10 | 11:15 – 12:05 in Challenge | View Schedule

In the age of web-based applications, ensuring client-server apps are configured securely is of paramount concern. With intercepting proxy tools you can easily understand how a web application works and start manually testing it. They allow its operator to act as a man-in-the-middle between a browser and the target application.

This session will briefly discuss when in the Secure Software Development Lifecycle 'dynamic analysis' security tools should be used and primarily teach how intercepting proxies can be used to improve security of these types of applications. The use of the 'Burp Suite Pro' intercepting proxy to identify security problems with web applications will be demonstrated.


Douglas Frank

Leads Best Buy's Secure Software Development Practice where white hat hackers test applications and assist developers in creating secure code since 2008.

Daniel Sandau

Works for Best Buy's application security group as a white hat hacker since 2013, where he tests applications and assists development teams to secure their code.