Aaron Cure
ÜberConf
Denver · July 21 - 24, 2015
Senior Security Consultant with Cypress Data Defense
Aaron is a senior security consultant at Cypress Data Defense, and an instructor and contributing author for the CDD Introduction to Internet Security in .NET course. After ten years in the U.S. Army as a Russian Linguist and a Satellite Repair Technician, he worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant. Other experience includes developing security tools, secure code review, vulnerability assessment, penetration testing, risk assessment, static source code analysis, and security research. Aaron holds the GIAC GSSP-.NET, GWAPT, GMOB, and CISSP certifications and is located in Arvada, CO.
Presentations
Integrated Vulnerability Scanning with ZAP
The Agile and DevOps software development lifecycles present interesting challenges for application security. How can security keep up with the rapid development cycles, constantly changing code base, and continuous deployment schedules? The answer lies within an automated security framework that is integrated into the development lifecycle.
Exploiting Common Web Application Vulnerabilities
Exposing applications over the web continues to allow attackers to compromise an organization’s clients, customers and employees. These applications are often deployed with compressed development timelines, and as a result often contain several common security vulnerabilities. This presentation will discuss and demonstrate exploitations of the most common vulnerabilities identified during a security review, using tools such as Burp Suite, BeEF, and sqlmap. Most importantly this presentation will also demonstrate how to remediate and eliminate these vulnerabilities from your applications.