Penetration testing was announced dead over a year ago, but it's still the number one choice of application security professionals when starting out. Can the activities from penetration testing be reused and turned into something innovative?
At Toorcamp, Andre presented on "Why appsec tools suck", describing the gap between what the vendors are pushing on appsec professionals and what we really want and need to do our jobs. This presentation will discuss how to solve many of these and other challenges in application security. The focus will be on web applications that use common technologies (HTTP, SQL, Classic XML/HTML, JavaScript, Flash) as well as those updated to today's standards (RESTful transactions, NoSQL, HTML5, Ajax/JSON, Flex2).