App Assessments Reloaded

BSidesLV 2010

Presented by: Andre Gironda
Date: Thursday July 29, 2010
Time: 17:00 - 18:00
Location: Track 1
Track: AFK

Penetration-testing was announced dead over a year ago, but it's still the number one choice of application security professionals when starting out. Can the activities from penetration-testing be re-used and turned into something innovative?

At Toorcamp, Andre presented on "Why appsec tools suck", describing the gap between what the vendors are pushing on appsec professionals and what we really want and need to do our jobs. This presentation will provide discussion around how to solve many of these and other challenges in application security. The focus will be on web applications that use common technologies (HTTP, SQL, Classic XML/HTML, JavaScript, Flash) but also updated to today's standards (RESTful transactions, NoSQL, HTML5, Ajax/JSON, Flex2).

Andre Gironda

Andre got his start on Unix-TCP/IP hacking before the September that never ended. Bored of embedded platform research by the time the dot-Bomb happened, he joined the largest online auction company, worked as an appsec consultant for many years, and recently joined a large online gaming company. He is known for his quirky mailing-list posts and blog comments -- and at one time wrote for tssci-security.com.

