In the new era of the web, we face something different almost every day. With the IoT hype, web application security has gained more respect, because almost every IoT device has a web panel. There are 2 options when analyzing IoT devices from a web app security perspective. The first is classical black-box web app pentesting: the researcher browses the web panel and pokes around to find bugs. This is the very common one. The second is extracting source code from firmware. Firmware is a huge topic that includes lots of techniques. For the web part, however, the researcher simply extracts the filesystem from the firmware and starts analyzing the web application's source code to find bugs. While hunting for bugs in this sea of firmware, the researcher will gain a lot of knowledge about firmware, IoT, filesystems and source code analysis (and also reverse engineering).
The outline will proceed step by step.
1 - Intro: The speaker will introduce him/herself.
2 - What is IoT? How does it affect our lives?
3 - How are web applications implemented in IoT?
4 - How IoT brings appsec a new attack surface
5 - Various ways to dump firmware and get source code
6 - A peek at CGI, PHP, Java and key concepts like APIs
7 - How to analyze dumped firmware to find web application vulnerabilities
8 - Closing talk (thanks, etc.)