Presented from the perspective of a fictitious web application penetration test, this session will provide you with a well-rounded overview of the open-source tools used by security professionals and penetration testers in their daily work on the detection of security vulnerabilities.
Despite the high quality of supportive tools in this field, this is still unknown territory for many development projects and therefore unused potential. With Christian Schneider’s presentation, you will get familiar with the tools of the professionals along with the purpose, usage scenarios with concrete examples, and pros and cons – in the hope that their use does not remain only in the hands of the penetration tester.
Christian Schneider writes software since the nineties, works as a freelance software developer since 1997 (with Java since 1999) and focuses on IT-Security since 2005. Aside from the traditional software engineering tasks he supports clients in the field of IT-Security. This includes penetration testing, security audits, architectural reviews, and web application hardening. Several times a year Chin-house conducts in-house training courses on topics like web application security (focussing on Java) as well as on SecDevOps concepts for bringing security into agile projects. Sometimes he enjoys writing articles about web application security and speaks/trains at conferences about web application hacking and hardening. As an Advisory Board member of JAX 2014, WJAX 2014 and JAX 2015 developer conferences responsible for their Security Days he constantly tries to guide developers to include security aspects in their projects.
Free: BRAND NEW DevOps Whitepaper 2018
Learn about Containers,Continuous Delivery, DevOps Culture, Cloud Platforms & Security with articles by experts like Michiel Rook, Christoph Engelbert, Scott Sanders and many more.