11:30 – 11:45 – Lunch is provided, and Good of the Order
11:45 – 12:00 – OWASP news and security notes
12:00 – 1:30 – Featured speaker.
Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, we’ll go over the different stages of a web application pen test, from start to finish. We’ll start with tools used during the discovery phase that use OSINT sources such as search engines, subdomain brute-forcing and other methods to help you get a good idea of a target’s “footprint”, then move on to automated scanners and their use, and go all the way to manual testing and tools used for fuzzing parameters to find potential SQL injection vulnerabilities. We’ll also discuss pro tips and tricks that we use while conducting a full application penetration assessment. After this talk, you should have a good understanding of what is needed as well as where to start on your journey to hacking web apps.
Brent is a Sr. Security Consultant within Solutionary’s Professional Security Services team (an NTT Group Security Company) and has spoken at numerous security conferences, including ISSA International, DEF CON 22 & 23, DerbyCon, SaintCon, PhreakNic, SkyDogCon, NolaCon, “B-Sides” conferences, Techno Security Con, the Appalachian Institute of Digital Evidence (AIDE) conference at Marshall University, and InfoSecWorld. He is also the founding member of DC615, an official Nashville Def Con group. He has held the role of Web/Project Manager and IT Security Director at the headquarters of a global franchise company, as well as Web Manager and information security positions for multiple television personalities and television shows on The Travel Channel. He has also been interviewed on the topic of Social Engineering on the popular web series “Hak5” with Darren Kitchen, and on white hat hacking for Microsoft’s “Roadtrip Nation” television series. His experience includes Internal and External Penetration Assessments, Social Engineering and Physical Security Assessments, Wireless and Application Vulnerability Assessments, and more.