G1. Rock Your Next Web Application Penetration Test
Thursday, May 10, 2018
2:00 PM - 3:00 PM
Have an upcoming Application Security Review (ASR) for PCI DSS? In-house or 3rd-party penetration testers need to hone your skills with web apps? Perhaps you just want to learn some insider knowledge about how a web app pen test is done... if so this talk is for you and will cover: • Planning for success • Required Tools • Manual testing and exploitation techniques • Setting expectations and providing value • Epic fails for you to avoid This is not a generic talk about pen testing, rather this talk is designed to leave you with actionable knowledge you can use in the workplace.
After completing this session, learner will:
- Understand how to plan, set expectations and conduct a successful web application penetration test
- Be aware of great tools at their disposal and requirements of manual testing
- Learn to avoid unexpected mistakes during testing
- Learn how to exploit common flaws impacting modern web applications
Serge Borso is the CEO of SpyderSec based in Denver, Colorado and has over a decade of experience in the information security field. Serge is a community instructor with the SANS institute, sits on the broad of directors for the Denver OWASP chapter and speaks regularly on topics of penetration testing, security awareness, and appsec.