Shubham Shah is the co-founder and CTO of Assetnote. Shubham is a prolific bug bounty hunter in the top 50 hackers on HackerOne and has presented at various industry events including QCon London, Kiwicon, AusCert, BSides Canberra and CrikeyCon. In his free time, Shubham enjoys performing high impact application security research.
Enterprise web applications have been deployed rapidly to the internet over the last ten years. Often, these applications remain secure, purely due to how difficult it is getting a copy of the source code. Unsurprisingly, some of the most popular enterprise web applications contain critical pre-authentication vulnerabilities. This presentation discusses how to get your hands on enterprise web applications and how to audit them for vulnerabilities, demonstrated through the disclosure of multiple 0days in popular enterprise web applications.