HTTP Route Busting – Enumerating Routes instead of Directories
Enumerating for files and directories in webroots is the old way of testing web apps. These days developers use HTTP routes to create site content and tools like dirb and dirbuster can misrepresent the actual amount of content on an application. In this talk, I discuss common misconceptions of how modern applications are built and how to find web content using a whitebox and blackbox approach.
Dejan Zelic is a Penetration Tester at Early Warning in Scottsdale. He competes with Savage Submarine who took first place in DefCon’s CMD+CTRL WebApp CTF in 2016. He is an ASU graduate and does not enjoy writing bios about himself.