OWASP Toronto - December 2018 Event: Web Application Penetration Testing

Hello everyone!

I am happy to announce our last chapter event for 2018. Our guest speakers will be talking about web application penetration testing.

Please note that we have a new venue for this month. George Brown College has graciously offered to host us at their down St. James Campus.

Also, please note that we are starting 30 minutes later than usual, at 6:30 PM EST.

As usual, space is limited, so please RSVP on our Meetup event page to confirm your presence.

Thanks,
Yuk Fai

-----

Date/Time: December 5, 2018, 6:30 PM to 8:30 PM EST
Location: Lecture Hall Room 426A – St. James Campus Building A, George Brown College, 200 King Street East, Toronto, ON, M5A 3W8
Event page:

Web Application Penetration Testing - Methodology and Approach

Abstract:
An introduction to web application penetration testing covering common methodologies and approaches. Topics are: An overview of the business side of how these engagements are commonly run, the methodology and mind-state of penetration testing vs. vulnerability assessments, and a demo using industry standard tools. Recommended for people who are new to the offensive side of security, those interested in learning more about the topic, or who are interested in potentially switching from blue to red team.

Bios:

Frank Coburn

Frank is a Consultant who specializes in web application security testing and analysis, and cloud security. I began my career in Canada’s financial sector in 2015 and have been performing web application penetration tests for various local and remote clients ever since. I have managed many client relationships and a multitude of other projects in Information Security across various industries. In my copious free time I enjoy working on personal projects such as developing scripts, tooling, and creating testing environments.

Haris Mahboob

I work at Security Compass as a security consultant. I specialize in penetration testing web applications and network infrastructures. I have experience working with industry standard SAST/DAST tools and manual testing. I come from a healthcare background working with SIEM tools, vulnerability scanning and management, as well as secure auditing. I enjoy spending my free time honing my penetration testing skills by diving into vulnerable VMs and learning about exotic payloads.