Code Dx will be present at the conference in booth #10
Ken Prole, CTO of Code Dx, will be speaking at the Lonestar Application Security Conference (LASCON) on October 25 from 2:00 pm to 3:00 pm in the Qualys Room at the Norris Conference Center in Austin, TX. The talk, entitled “The White Hat’s Advantage: Open-source OWASP tools to aid in penetration testing coverage,” will cover the Attack Surface Detector and Code Pulse and will include a demonstration. He will discuss how web application penetration testers can improve the efficiency and comprehensiveness of their white box testing using these two new open-source OWASP tools.
The first tool, OWASP Code Pulse, uses glass box testing techniques to instrument the web application server bytecode to provide real-time code coverage while testing the application. This allows the penetration tester to measure how much of the application’s server code their testing has touched, and visually displays gaps in their testing coverage.
The second tool, Attack Surface Detector, performs static code analysis to first detect the web application endpoints, parameters, and parameter datatypes. This information is then pulled into the Burp Suite and OWASP ZAP web application testing suites to allow for rapid dynamic testing of the discovered attack surface. The benefit of this approach over traditional spidering techniques is that hidden endpoints are found without brute-force guessing, and optional parameters not seen in the client-side code are discovered.
Additional details about Ken’s presentation can be found on the LASCON event schedule.