Aaron Cure

Integrated Vulnerability Scanning with ZAP

11:00 AM MDT

The Agile and DevOps software development lifecycles present interesting challenges for application security. How can security keep up with the rapid development cycles, constantly changing code base, and continuous deployment schedules? The answer lies within an automated security framework that is integrated into the development lifecycle.

This presentation will demonstrate how to integrate a new application security testing framework into your build environment. Popular open-source vulnerability scanners, such as the Zed Attack Proxy (ZAP), will be leveraged to provide real-time feedback to development teams, allowing them to remediate vulnerabilities before they reach production.

Exploiting Common Web Application Vulnerabilities

1:30 PM MDT

Exposing applications over the web continues to allow attackers to compromise an organization’s clients, customers and employees. These applications are often deployed with compressed development timelines, and as a result often contain several common security vulnerabilities. This presentation will discuss and demonstrate exploitations of the most common vulnerabilities identified during a security review, using tools such as Burp Suite, BeEF, and sqlmap. Most importantly this presentation will also demonstrate how to remediate and eliminate these vulnerabilities from your applications.

In this presentation, we will be discussing the following vulnerabilities from the OWASP Top 10:

A1: Injection
A3: Cross-Site Scripting (XSS)
A8: Cross-Site Request Forgery (CSRF)