January 2012 - 'Ninja Assessments: Stealth Security Testing for Organizations'

  • January 19, 2012 · 6:00 PM
  • This location is shown only to members

January 2012 Meeting

 

WHO:: Kevin Johnson is a security consultant with Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a senior instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

 

ABSTRACT:: Organizations today need to be able to easily integrate security testing within their existing processes. In this talk, Kevin Johnson of Secure Ideas will explore various techniques and tools to help organizations assess the security of the web applications. These techniques are designed to be implemented easily and with little impact on the work load of the staff.

 

COST: Free to all. Bring a Friend. However, please look to join our chapter. Only $50. Greatly appreciated. OWASP is a 501 non-profit org and supports a good cause on web application security awareness.

Join or login to comment.

  • Shauvik Roy C.

    Sorry, we can't post the slides for the meeting (SANS) but here are some notes I noted: Tools: RatProxy, Burp, SoapUI, WSFuzzer. We also spoke about analyzing the client (flash) to discover web service features, AMF RTP traffic (tools anyone?), GWT JS --> GWTEnum? we spoke about OWASP's Zed Attack Proxy. Burp has a Java API and a ruby gem that can be used for scripting.

    January 20, 2012

  • Shauvik Roy C.

    Checkout the slides on the SamuraiWTF sourceforge site: http://sourceforge.net/projects...­

    January 20, 2012

37 went

Our Sponsors

  • VerSprite

    Meetup site sponsor for 2014 and WebEx sponsor for remote meetings.

  • Cox Communications

    A great meeting space for the OWASP ATL chapter.

  • Checkmarx

    Financial Sponsorship of ATL Chapter

People in this
Meetup are also in:

Sometimes the best Meetup Group is the one you start

Get started Learn more
Katie

Katie, started NYC ICO

Start your Meetup today

Act now and get 50% off.
Until February 1.

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy