OWASP Tampa Chapter | Q1 2022 | Virtual Meeting

Welcome to OWASP Tampa Chapter | Q1 2022 | Virtual Meeting

Title: Why Automated DAST Scanners Suck Today

Abstract: Automated DAST scanners have been around for 20 years now, so why is it that we have so much trouble using them? From numerous false positives, complicated configurations to scans that take days raging through single website, why is this still happening? Many factors have changed in the past several years for businesses when it comes to the complexity of and number of assets that need to be scanned for security vulnerabilities. How can these businesses meet compliance and regulation requirements when AppSec tools can’t do the job? In this talk you will see the challenges of automated DAST scanners and why businesses are struggling to keep up with the ever expanding threat landscape when it comes to AppSec.

Speaker: Ray Kelly is an internet security professional with over twenty five years of development experience, eighteen of which has focused on the internet security space. Ray has been a key player in multiple successfully acquired cyber security start-ups. He was the lead developer and business unit director for WebInspect with SPI Dynamics which is an industry leading application security scanner (later HP and Micro Focus). Ray holds three web application scanning patents and speaks regularly at security conferences. Today Ray is a Fellow at NTT AppSec where (formally WhiteHat) where he contributes to research, sales and vision of the security product line.