AppSec War Stories
This is a look back at some of the fun, cool, and sometimes jaw-dropping situations we've encountered over the last year of web application penetration testing. We'll recount stories of real tests that we conducted. Some stories include interesting ways around hurdles encountered, some include issues we see frequently, and some are included just for the lulz :). This talk will include technical content, but has something for everyone, from analysts and developers to executives.
Our intent is not to point fingers or place blame, but rather to offer a reminder of what can happen if we don't all remain vigilant and work to continually improve our defenses. Pull up a chair and grab some popcorn, it's story time!
Brad Beltman Bio
Brad is a consultant with SecureWorks doing full-time web application penetration testing.
He has a master's degree in Information Assurance from Dakota State University. Certifications include OSCP, GWAPT, GPEN, GCIH, GCED, and CISSP. When not on a computer, Brad is usually tormenting his wife, playing with his two kids, or playing guitar.
AppSec War Stories will be co-presented with Jared McLaren.
Security Testing and Investigation