Swordfish Security's secure development framework
Identification of server endpoints (requests received by the server) is an important stage of both manual audit and automatic scanning of web applications. In modern web applications, requests are mostly initiated by the JavaScript code, rather than HTML elements. The speaker will discuss a new method of automatic mining of endpoints that uses static and a hybrid static and dynamic analysis of a page's JavaScript code. He will also compare this method with dynamic crawling.
