This presentation will cover both manual and automated testing methods for web application security vulnerabilities. The simple truth is that is it hard to do, and requires an in-depth Systems Administration background, Software Development background, and IT Security background. This presentation gives a detailed walk through of what it takes to perform a thorough web application security assessment with the expressed goal of making web app security test SIMPLE (since it is NOT easy) and most importantly FREE!
The talk will walk through several firefox add-ons that can be helpful, several open source web application security testing tools, and Joe will be releasing a new FREE web application security testing tool as well.
Joe McCray (AKA - The Black Guy at Security conferences) is an Air Force Veteran and has been in IT Security for over 15 years so he is REALLY old. He doesn't curse or drink as much as he used to, but he does know a thing or two about hacking.