In this presentation, Bojan Zdrnja, senior SANS Internet Storm Center and CTO of the Croatian information security company INFIGO IS, will go through some not-so-common but nevertheless devastating web and mobile application vulnerabilities.
Bojan's team performs almost 200 application penetration tests per year and finds a lot of critical vulnerabilities that are often overlooked not only by developers, but also by penetration testers.
We will not cover the typical, common vulnerabilities such as XSS, SQL injection and similar, which everyone should know about (but they don't), and will instead turn to less commonly known vulnerabilities and attack vectors on both web and mobile applications.
It does not matter whether you are on a red, blue or purple team: details about the discussed vulnerabilities will help improve your application security knowledge.