Hacking with a Heads Up Display

Presented at BSidesSF 2019, March 3, 2019, 2:10 p.m. (30 minutes).

Introducing security testing tools to a QA or developer's workflow can be difficult when the tools aren't easy or intuitive to use. Even for security professionals, the friction of cumbersome security tooling can prevent them from getting the most from a tool or being effective with their time. The OWASP ZAP team is working to help enable developers, QA, and hackers alike with the ZAP Heads Up Display, a more user friendly way to engage with the security testing tool. The Heads Up Display integrates ZAP directly in the browser providing all of the functionality of the tool via a heads up display. The goal is to make ZAP more accessible and enable users, especially developers, to integrate security in their daily workflows. This talk will discuss the importance of usable tools, design tradeoffs made to improve usability, the various browser technologies powering the HUD, and how you can start hacking with a heads up display.

Presenters:

  • David Scrobonia - Segment
    David Scrobonia is part of the Security Engineering team at Segment working to secure modern web apps and AWS infrastructure. He contributes to open source in his spare time and is a core team member of the OWASP ZAP project.

Links:

Similar Presentations: