[Owasp-austin] Next OWASP Austin Chapter monthly meeting on May 31, 2016

Tiana Chandler tiana.chandler at owasp.org
Wed May 11 04:04:12 UTC 2016


Hello Everyone!


This month's *OWASP Austin Chapter meeting* will be on *Tuesday, May 31,
2016*.  Also, the meeting will be back at National Instruments.


Please note that this meeting is the day after the Memorial Day holiday.
Hopefully everyone will be ready to extend their holiday fun by attending
this presentation. :)


As a reminder, *please RSVP on Eventbrite*
<http://owasp-austin-2016-may.eventbrite.com> so that the food order can be
placed to ensure enough food for everyone.


Following are the details of the meeting:


------------------------------------------------------------


OWASP Austin Chapter Monthly Meeting -- Tuesday, May 31st from 11:30 AM to
1:00 PM


*The ABCs of Source-Assisted Web Application Penetration Testing With OWASP
ZAP: Attack Surface, Backdoors, and Configuration*


There are a number of reasons to use source code to assist in web
application penetration testing such as making better use of penetration
testers’ time, providing penetration testers with deeper insight into
system behavior, and highlighting specific sections of code so development teams
can remediate vulnerabilities faster. Examples of these are provided using
the open source ThreadFix plugin for the OWASP ZAP proxy and dynamic
application security testing tool. These show opportunities attendees have
to enhance their own penetration tests given access to source code.


This presentation covers the “ABCs” of source code assisted web application
penetration testing: covering issues of attack surface enumeration,
backdoor identification, and configuration issue discovery. Having access
to the source lets an attacker enumerate all of the URLs and parameters an
application exposes – essentially its attack surface. Knowing these allows
pen testers greater application coverage during testing. In addition,
access to source code can help to identify potential backdoors that have
been intentionally added to the system. Comparing the results of blind
spidering to a full attack surface model can identify items of interest
such as hidden admin consoles or secret backdoor parameters. Finally, the
presentation examines how access to source code can help identify
configuration settings that may have an adverse impact on the security of
the deployed application.


*Speaker:* Dan Cornell


A globally recognized application security expert, Dan Cornell holds over
15 years of experience architecting, developing and securing web-based
software systems. As the Chief Technology Officer and a Principal at Denim
Group, Ltd., he leads the technology team to help Fortune 500 companies and
government organizations integrate security throughout the development
process. He is also the original creator of ThreadFix, Denim Group's
industry leading application vulnerability management platform.


*RSVP* — http://owasp-austin-2016-may.eventbrite.com


*Food:* Taco Deli. Please RSVP so we can be sure to have enough for all!


Only those who RSVP will be eligible for any drawings/giveaways that may
take place!


*Location:* National Instruments, 11500 North Mopac Expressway, Building C,
Austin, TX 78759


For those who cannot attend the meeting but wish to listen via GoToWebinar,
you can register at the following link:

https://attendee.gotowebinar.com/register/2346724323965279748


------------------------------------------------------------


Looking forward to seeing you all!


Thanks,

Tiana Chandler

OWASP Austin Chapter Leader