PRESENTATION: Adaptive Testing Methodology: Crowdsourced Testing Methodology Customized to the Target Stack
PRESENTER(S): Daniel Miessler, Director of Client Advisory Services for IOActive
CONFERENCE:
LOCATION: Annenberg Community Beach House, Santa Monica, CA, US
DATE & TIME: January 26, 2016 at 15:00PM

Testing methodology is often a sore subject for pentesters. Everyone tends to have their own approach, so it’s not uncommon for three people testing the same thing to end up with different results—especially when constrained for time.
In this presentation, Daniel will elaborate further on the OWASP Adaptive Stack Testing Methodology (ASTM) project and its two goals: 1) allow security testers to consistently find the best vulnerabilities in the shortest amount of time, and 2) provide a framework for community improvement of the methodologies.
Daniel will explain that the ASTM combines a time constraint with a quick technology detection step to build a custom testing methodology for a specific website. The custom methodology allows the security tester to find the most vulnerabilities within the time limit, and generally the same vulnerabilities that another tester using that methodology would find within the same time limit.
About Daniel Miessler
Daniel Miessler is a Director of Client Advisory Services with IOActive, based out of San Francisco, California. Daniel has 15 years of experience in information security with a focus on web, mobile, and IoT, and is a project leader for the OWASP IoT and OWASP Mobile Top Ten projects. In his spare time, he enjoys reading, writing, programming, and table tennis.
About OWASP AppSec California
The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County, Santa Barbara, and San Diego OWASP chapters to bring you the third annual AppSec California. The event is a one-of-a-kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.