ÜberConf - July 19 - 22, 2016 - No Fluff Just Stuff

Automating Application Security Testing: Be Offensive!


Denver · July 19 - 22, 2016


About this Presentation

While developers and testers use Selenium and other suites to test web application functionality, security often falls by the wayside because it's either too time-consuming or they just don't know HOW to test for these issues. In this talk we'll discuss some basic OWASP Top 10/CWE 25 vulnerabilities and how to discover them.

We'll use Selenium in conjunction with tools such as ZAP and Burp to identify vulnerabilities in our applications.

Aaron Cure

Senior Security Consultant with Cypress Data Defense

Aaron is a senior security consultant at Cypress Data Defense, and an instructor and contributing author for the CDD Introduction to Internet Security in .NET course. After ten years in the U.S. Army as a Russian Linguist and a Satellite Repair Technician, he worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant. Other experience includes developing security tools, secure code review, vulnerability assessment, penetration testing, risk assessment, static source code analysis, and security research. Aaron holds the GIAC GSSP-.NET, GWAPT, GMOB, and CISSP certifications and is located in Arvada, CO.

Steve Kosten

Security Consultant @ Cypress Data Defense

Steve Kosten is a security consultant at Cypress Data Defense and an instructor for the SANS DEV541 Secure Coding in Java/JEE: Developing Defensible Applications course. He has previously performed security work in the defense and financial sectors and headed up the security department for a financial services firm. He is currently the Open Web Application Security Project (OWASP) Denver chapter leader and is on the board for the OWASP AppSec USA conference. He has presented security talks at numerous conferences. He is experienced in secure code review, vulnerability assessment, penetration testing, and risk management. He holds a Bachelor of Science in Aerospace Engineering from the Pennsylvania State University and a Master of Science in Information Security from James Madison University. He currently maintains GSSP-JAVA, GWAPT, CISSP, and CISM certifications. Steve resides in Golden, Colorado. In his spare time, Steve enjoys attending his children's sporting events with his wife, road and mountain biking, snowboarding, golfing, volleyball, and paragliding.