Having a great set of test tools could be the difference between a successful engagement and utter catastrophe. Being able to create tools on the fly to solve intractable test or research problems is a challenge we face every day.
In this workshop we'll lead off by demonstrating the power and flexibility of Ruby. Then we'll teach you how to use your new superpowers to rapidly prototype solutions for real-world problems including:
Participants will be given a virtual test environment to use that includes a toolchain and sample applications to test - they just need to bring a laptop. The toolchain will also be available on the conference DVD and for download.
Quick demonstrations leading into hands-on hacking on real apps will keep the workshop fast-paced and fun.
Cory Scott is a director at Matasano Security, an independent security research and development firm that works with vendors and enterprises to pinpoint and eradicate security flaws, using penetration testing, reverse engineering, and source code review. Prior to joining Matasano, he was the Vice President of Technical Security Assessment at ABN AMRO / Royal Bank of Scotland. He also has held technical management positions at @stake and Symantec. He has presented at Blackhat Briefings, USENIX, OWASP and SANS.
Mike is a senior security consultant at Matasano.
Timur Duehr is a Senior Security Consultant at Matasano Security with over seven years computer consulting experience and a Master's degree in Mathematics. His professional experience includes application development, security assessment, and code review. At Matasano he develops security assessment tools, maintains Ragweed and Buby, performs blackbox and code assisted penetration tests, and source code audits. He has tested applications employing numerous technologies. Previously, he has presented at OWASP Chicago and Black Hat Arsenal.