Many application penetration testers and developers have struggled to figure out how to assess the security of WebSocket applications. When new technologies like WebSockets are developed, often the tooling available for penetration testing takes awhile to catch up. What if you could use traditional web penetration testing tools to assess WebSockets? By leveraging concepts found in native code fuzzing, you can! We have been using a novel approach that allows traditional web security testing tools to find vulnerabilities in WebSocket applications.
Michael Fowl works as a Senior Security Engineer at VDA Labs where he leverages offensive information security skills to help clients. An avid bug hunter and penetration tester, Michael has spent countless hours performing web application assessments, including placing as a top finisher in events like “Hack the Pentagon.”
Nick Defoe is a Security Operations Manager at VDA Labs where he manages security consulting engagements to ensure success. Coming from a background in web application development, Nick has worked on penetration tests and application assessments for many major brands.