Penetration Test at Scale: A Data-focused Approach
Managing a global application penetration testing program across the enterprise poses operational challenges. Extracting and leveraging meaningful data can minimize those challenges. We’ll look at some key components to consider for a successful program.
Phillip Pham is an experienced cybersecurity professional with more than a decade of experience working in Big Four Consulting, healthcare, financial, and online services industries. Phillip has led offensive security programs and large-scale pen test engagements. He is an Offensive Security Certified Professional (OSCP) and a SANS AppSec Fighter contributor (LinkedIn open-redirect disclosure; DOM-based XSS in the wild).
APIs are constantly changing and have access to an organization’s most sensitive data, and APIs now represent >80% of web traffic. This reality is attracting attackers who are finding new ways of getting what they’re looking for in custom-made APIs. In response, OWASP has created a new Top 10 specific to API risks, and this presentation will explain and discuss each item.
Ran Barth is a Principal Security Engineer at Salt Security. He has a passion for web application security, and he has spent his career deploying enterprise security solutions. Ran currently resides in Plano, TX and is originally from Israel. You can contact him at [masked].