BlackBox Vulnerability Scanners - Everything You've Ever Wanted to Know


Details
Everything You've Ever Wanted to Know About Black-Box Web Vulnerability Scanners (But Were Afraid to Ask)
Speaker: Adam Doupé
Please join us for our June meeting at ASU. Pizza will be provided. Make sure to account for time to find a parking spot: http://www.asu.edu/map/interactive/?campus=tempe&building=BYAC
Black-box web vulnerability scanners, such as Acunetix, AppScan, and WebInspect, attempt to automatically find vulnerabilities in web applications. These tools promise to bring pentesting skills to the average developer, and they are frequently used as part of the pentesting process.
However, despite their frequent usage, significant questions remain. How do these tools work? Are they effective at finding vulnerabilities? What research is being done to improve these tools? Can they handle modern client-side JavaScript web applications? In this talk, we'll cover all these questions and more!
Bio:
Adam Doupé is an Assistant Professor in the School of Computing, Informatics, and Decision Systems Engineering at Arizona State University. He was awarded the Fulton Schools of Engineering Best Teacher Award Top 5% for 2015 from Arizona State University. His main research focus is in the area of automated vulnerability analysis of web applications using static analysis and dynamic analysis. Prior to joining ASU in 2014, Adam completed his PhD at UC Santa Barbara, where he competed at DEFCON CTF for four years with team Shellphish.
