Lightning Talk - If you can dodge a wrench!..... (or how not to security test your web app):

Presented at AppSec USA 2016, Oct. 13, 2016, 10:15 a.m. (10 minutes)

Have you ever initiated a test that inadvertently sent 2,000 emails to your executives? How about dumping your production database? As web applications become more advanced, security teams have become increasingly reliant on automated scanners to discover vulnerabilities within their environment. However, unlike NetSec scanners, web application scanners have the potential to break your web app, resulting in loss of data, downtime and, more importantly, lost revenue. But don't shut down your scanning program just yet! I will walk you through the common mistakes, pitfalls and pre-scanning techniques that will ensure a more harmonious relationship between your scanner and web application. In this talk you will learn pre-scan reconnaissance techniques, what changes you should make to your application, and how to dodge common scanner configuration mistakes.
