Vulnerability Assessment 2.0

DerbyCon 4.0 - Family Rootz

Presented by: John Askew
Date: Friday September 26, 2014
Time: 18:00 - 18:25
Location: Stable Talks

What can you do to step up your game as a security analyst? Vulnerability scanners and other security assessment tools can be extremely useful for collecting information quickly and efficiently, but what are some good next steps for analyzing and using that information? How much value does a raw vulnerability scan report provide (hint: don’t just hand this to a client or supervisor), and how much more value can we get out of our tools with a little bit of effort? What do you do when you need data that an existing tool can’t provide?

John will discuss some areas in the security assessment process that are ripe for easy wins through custom scripting, including data aggregation, diffing, false-positive identification, and visualization. As an example, John will release a tool for slicing and dicing the results from assessment tools in interesting ways, based on various techniques used in previous consulting engagements.

John is a senior security consultant with SDGblue LLC. He has too many hobbies to list (but feel free to ask!) and still doesn’t know what he wants to be when he grows up (ideas welcome!)

