Pen Testing with Iron
This talk will focus on practical methods of testing WCF services, Silverlight, and connected WPF Desktop applications using Python or Ruby via the Microsoft Iron* language ports. Specific topics covered will include increasing code visibility, simplified service proxy calls and overriding application behavior dynamically.
Additionally, since the DLR has nearly full support for running python and ruby applications, many familiar pen testing tools can be brought into an engagement to further enhance the testing of .NET applications.
Andrew Wilson is a Security Consultant at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 9 years experience building and securing software for a variety of companies. Andrew specializes in application security assessment, penetration testing, threat modeling and secure development life cycle. Andrew is active in the developer and security community as a speaker, a trainer, and as a leader of the Phoenix OWASP & Azure user groups. Andrew is recognized as a Microsoft MVP in Windows Azure.