Have you ever had to spend valuable time in the middle of a test preparing something you could have prepared in advance? Did you ever analyse a vulnerability/attack-path in depth only to find a significantly easier-to-exploit vulnerability hours or days later? Pen testing is very similar to playing chess: it is easy to get carried away and waste valuable analysis time on a line of attack that is just not the best option. The talk will be highly practical and will show how these techniques have been incorporated into OWTF, not only with screenshots but also demos.
The purpose of this talk is to expose the techniques chess players have been using for centuries and to illustrate how we can learn from these and apply them to pen testing. Chess is similar to pen testing in that we also have too many vulnerabilities to find and choose from, not only on a one-by-one basis but also in how we would chain them together like a real attacker. Chess players must analyse efficiently to beat time constraints, like pentesters, but unlike pentesters they have been doing this for a long time. Chess is a complex game: the number of permutations is just too great to compute the best possible move during a game.