Automating Security Testing with the OWTF - Jerod Brennen BSides Columbus Ohio 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Automating Security Testing with the OWTF
Jerod Brennen
BSides Columbus Ohio 2018

When it comes to app security, scanning is good, but pen testing is better. That said, we're lucky if we can schedule (and budget for) a web app pen test once a year. Wouldn't it be swell if we could automate the security testing process so it turned up the same weaknesses in QA an attacker would likely try to exploit in Prod? Well, then. You're in luck. OWASP's Offensive Web Testing Framework (OWTF) was designed to help automate the web app pen testing process. By baking the OWTF into your own QA processes, you can benefit from the same knowledge and tools that the bad guys use to attack web apps. Better yet, you can run these tests as frequently as you like for FREE. This presentation will show you how to use the OWTF, helping you improve both the efficiency and effectiveness of your app security testing process.

By day, Jerod (@slandail) is a Security Architect with GBQ Partners. By night, he’s a husband, father, writer, filmmaker, martial artist, musician, and gamer. Jerod has earned every gray hair in his beard, having spent his career fulfilling infosec roles in consulting, higher education, retail, and public utilities. In that time, Jerod has worked on projects including security and compliance (GRC) program implementations, penetration tests, web and mobile application security assessments, and security tool implementations. Jerod shares what he’s learned over the years with local and regional information security professional organizations, as well as attendees at larger information security conferences. He also teaches information security courses, both domestically and internationally. His approach to infosec has two key tenets: you shouldn’t be afraid to void warranties, and you shouldn't need to bypass security to get your work done.

@slandail


Copyright 2020, IronGeek