Syllogistic Application Testing

Presented at REcon 2005, June 19, 2005, 1:30 p.m. (60 minutes)

Most of what the industry is providing in "black box" application security testing today is invalid. This talk will attempt to demonstrate ways we can be more consistent, more thorough, and more honest about the results from "black box" application security testing. At this talk we will provide insights we've learned from performing application testing, writing application testing tools, and the OSSTMM (3.0) methodology for application testing. This will be the first public demonstration of the Cruiser web application testing tool.


Presenters:

  • Robert E. Lee
    Robert E. Lee serves as Dyad Security's Chief Technical Officer. Robert's primary roles include the management and guidance of the security testing team, technology and software development, and education programs. Robert functions as the primary technical contact interfacing with clients for Dyad. When founding Dyad Security, Robert brought with him knowledge of the Value Added Reseller (VAR), consulting, and technical start-up spaces. His consulting experience was developed and refined during his time with General Electric-GE Access, Advanced Systems Group, and Enterprise Computing Solutions. Robert's extensive consulting background comprises eight years of service to Fortune 1000 companies. His role as an industry consultant was focused on Disaster Recovery, High Availability, and Business Continuity projects. His expertise in leading teams and directing projects has resulted in some of the most reliable computing environments in the world. Robert is a contributing author to the OSSTMM, Unicornscan, and Cruiser projects. Robert was accepted on scholarship at the age of 17 to Brigham Young University, where he studied French Horn Performance and Computer Science. Robert maintains his OSSTMM Professional Security Tester (OPST) & OSSTMM Professional Security Analyst (OPSA) certifications from the Institute for Security and Open Methodologies (ISECOM).
  • Jack Louis
    Jack Louis is a Senior Security Researcher for Dyad Security. He has a background in core networking technologies, systems programming, and electronics. Jack is the lead programmer behind unicornscan, a distributed data information engine for the OSACE project. Jack is also the lead author of cruiser, a web application testing tool in the OSACE suite. Jack has given lectures on building secure software, offensive programming, and building miscellaneous electronic components to solve a wide variety of problems at hand. Jack is also an ISECOM OPST & OPSA Certified Instructor.