Black Hat //Webcast 35
WORKSHOP: A SamuraiWTF intro to the Zed Attack Proxy
// Justin Searle
Join one of the SamuraiWTF founders and project leaders for a virtual hands-on workshop introducing you to one of OWASP's latest web assessment tools. Take a back seat to the instructor and watch as he explains his thought process and shows his techniques as he uses the Zed Attack Proxy to perform a penetration test on a vulnerable web application.
See how the Zed Attack Proxy can be used to track your manual penetration findings, provide automated tools to aid in your mapping of a web application, help you discover vulnerabilities, provide third party tool integration, and even help you with your report by providing strong reporting functionality and open source report verbiage. Come prepared with your copy of Samurai-WTF up and running on a second computer or in a virtual machine so you can follow along as Justin gives you an introduction to a tool you don't want to miss.
To download Samurai-WTF, go to www.samurai-wtf.org. To follow along on your own machine, have it running in a virtual machine by the beginning of the workshop.
Justin Searle, Managing Partner, UtiliSec
Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).
Mike Shema is the Director of Engineering for the Qualys web application scanning service. He has authored several books, including "The Anti-Hacker Toolkit," and he blogs on web security topics at the companion site for his latest book, "Seven Deadliest Web Attacks."
Will Bechtel, CISSP, CISA, PMP
Director of Product Management, Web Application Scanning
Mr. Bechtel has over 25 years of information security and software development experience that spans industries such as financial services, high-tech, utilities, healthcare and defense. Mr. Bechtel's career started with developing management applications for the US Navy and evolved over time into the design and development of online commerce solutions.
At Qualys, Mr. Bechtel is the Director of Product Management for the Web Application Scanning service. Prior to Qualys, Mr. Bechtel was the Application Security Practice Lead for AT&T's Security Consulting and a Sr. Consulting Manager in the Application Security Practice with VeriSign's Global Security Consulting, where he led application security assessments for Fortune 500 clients. In previous roles Mr. Bechtel architected, developed and oversaw application security control development for enterprise software used by companies such as Sony, American Express, Federal Express and DirecTV. Mr. Bechtel graduated from the University of California, Irvine in 1986, and later gained MS Candidate status in Computer Science at San Diego State University. Mr. Bechtel is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Auditor and a certified Project Management Professional (PMP).
Qualys, Inc. is the leading provider of Software-as-a-Service (SaaS) IT security risk and compliance management solutions. Qualys solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.
The QualysGuard® service is used today by more than 5,000 organizations in 85 countries, including 45 of the Fortune 100, and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a leading global company, and has been recognized by leading industry analysts for its market leadership. Qualys was recently named Best Security Company in the Excellence Awards category of the 2011 SC Awards U.S.
Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. Qualys is a founding member of the Cloud Security Alliance (CSA).
For more information, please visit www.qualys.com.