SQL injection, password cracking, web content scanning... As a developer, you've probably heard of some of these terms, and might be aware of the basic measures to counter them. But how does a hacker execute such attacks? What tools do they use? And how easy would it be to attack your own application? By starting to think like our adversaries, we have a better chance of finding vulnerabilities in our software before they can be exploited.

In this talk we will look at a few tools used by attackers and ethical hackers alike to find (and exploit) vulnerabilities in web applications. By the end of the talk, you will have a better understanding of how an attacker might target your application and how you can use the same tools to discover vulnerabilities yourself first.

Previously delivered at PHPAmersfoort, Ode aan de Code, AmsterdamPHP, and PHP & Laravel Eindhoven