Hacking with a Heads Up Display

Presented at BSidesSF 2019, March 3, 2019, 2:10 p.m. (30 minutes)

Introducing security testing tools to a QA or developer's workflow can be difficult when the tools aren't easy or intuitive to use. Even for security professionals, the friction of cumbersome security tooling can prevent them from getting the most from a tool or being effective with their time. The OWASP ZAP team is working to help enable developers, QA, and hackers alike with the ZAP Heads Up Display, a more user-friendly way to engage with the security testing tool. The Heads Up Display integrates ZAP directly in the browser, providing all of the functionality of the tool via a heads up display. The goal is to make ZAP more accessible and enable users, especially developers, to integrate security in their daily workflows. This talk will discuss the importance of usable tools, design tradeoffs made to improve usability, the various browser technologies powering the HUD, and how you can start hacking with a heads up display.

Presenters:

  • David Scrobonia - Segment
    David Scrobonia is part of the Security Engineering team at Segment working to secure modern web apps and AWS infrastructure. He contributes to open source in his spare time and is a core team member of the OWASP ZAP project.
