Scripting for Web Application Testers, and LLM/Application Security

In-person event, kindly hosted by Immersive Labs, 6th Floor, The Programme, All Saints' St, Bristol BS1 2LZ.

To find the entrance, it might be easier to search for "Programme, Bristol, BS1 2NB", or use this link to Google Maps.

Venue:

Photo shows the main entrance, which is visible when walking down the right hand side of the Tesco Express on Wine Street (Google Street View sometimes shows the back entrance, which is only accessible via keycard).

Agenda:

• OWASP Updates.
• Talk 1: LLM and Application Security, with Chris Wood from Immersive Labs.
• Break.
• Talk 2: Intro to Scripting for Web Application Testers with Alex Archondakis.
• Networking.

---

Talk 1: LLM and Application Security, presented by Chris Wood.

Abstract: A look at LLMs and how they affect the security of code and how humans are still needed in the loop.

Bio: Chris is Principal AppSec Engineer at Immersive Labs leading on the development of our Secure Coding product. He is also a founder of BSides Cheltenham.

---

Talk 2: An Introduction to scripting for Application Testers, presented by Alex Archondakis.

Abstract: Scripting, or the ability to write code that allows you to perform actions or automate repetitive tasks is a crucial tool in any application security testers belt, however, it doesn’t seem to be a common one.

The purpose of this talk is to introduce scripting to application security testers, this will be achieved by looking at case studies to determine where scripting may be appropriate and how to solve the problem. We will discuss multiple languages and their advantages whilst focussing on interacting with the HTTP protocol.

The key learning points from this talk are as follows:

• To gain an understanding of the importance of scripting for application security testers.
• What programming languages are used, and their advantages/disadvantages.
• Typical scenarios where scripting is required because tooling is not comprehensive enough.

Bio: Alex is head of professional services & a senior consultant at Pentest People. He has a wealth of experience in penetration testing, people management and training hackers. He believes that all application security professionals should be able to write basic scripts to solve common problems.