Drew Kirkpatrick, Security Researcher for Secure Decisions, a division of Applied Visions, Inc., will speak at the B-Sides Rochester Hacker Conference (B-Sides Roc) on April 14th, at 3 PM. Mr. Kirkpatrick will discuss the ways web application penetration testers can enhance their white box testing process with two open-source tools—the Attack Surface Detector; and OWASP Code Pulse, a Code Dx, Inc. open-source technology.
Pentesters face an uphill battle as they defend their applications against malicious attackers. Their time and resources are extremely limited, yet they must secure an entire application. Cyberattackers, however, have as much time as they need, and only need to find a single vulnerability to get what they want. Therefore, pentesters must use every advantage they can find to defend their applications. The most significant advantage they hold over a malicious attacker is their access to the application’s source code and server bytecode. The Attack Surface Detector and OWASP Code Pulse both help pentesters best use this advantage.
OWASP Code Pulse instruments web application server bytecode to visually display real-time code coverage, so you have a live view of what areas of code are being exercised during a penetration test. This helps pentesters identify gaps and overlaps across various tools, providing much greater insight into testing activity’s efficacy, and tool performance.
Drew Kirkpatrick has over fifteen years of experience designing and building complex systems including application security tools, network management, cyber curriculum development, and transit and aerospace systems. He works to improve information security and software assurance by applying computer science, ethical hacking, and human factors knowledge to build novel systems to meet complex needs. Before joining Secure Decisions as a Security Researcher, Drew was a Senior Computer Scientist in the U.S. Navy Human-Computer Interaction (HCI) Laboratory. He is a certified GWAPT and OSCP, and a member of the GIAC Advisory Board. He received his B.A. in Psychology and Economics from St. Mary’s College of Maryland, and Master’s degrees in Computer Science and Computer Information Systems from Florida Institute of Technology.
B-Sides Roc is a non-profit white hat hacker conference in Rochester, NY, showcasing presentations from industry professionals, competitions and games, and workshops to learn about new or emerging technologies. Part of the B-Sides Conference mission is to help students find employers so they can turn what may be a hobby into a career path. This year’s conference is April 13th-14th.