nullcon Goa 2017 - Nearly Generic Fuzzing Of XML Based Formats by Nicholas Gregoire





The interactive transcript could not be loaded.


Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Apr 19, 2017

This research project has two goals:

Fuzzing the exact same XSLT targets than in 2012, but with a modern toolbox
Generalize the bug-finding processes and tools to any other XML-based format. In the process, a new tool exclusively designed to mutate XML documents was developed.

Speaker Bio
Nicolas Gregoire has more than 15 years of experience in penetration testing and auditing of networks and (mostly Web) applications. A few years ago, he founded Agarri, a small company where he seeks security bugs for customers and for fun. His research has been presented at numerous conferences around the world and he has been publicly thanked by numerous vendors for responsibly disclosing vulnerabilities in their products. He occasionally participates in bug bounties, and earned the highest rewards from Prezi (twice) and Yahoo. He’s also a long-time user of Burp Suite and an official PortSwigger training partner.

Thanks for watching this video and you can join us on various social networking sites.
Website: http://nullcon.net/website/
Facebook: http://www.facebook.com/nullcon
Twitter: http://twitter.com/nullcon


When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to

Loading playlists...