A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Automating Security Testing with the OWTF - Jerod Brennen BSides Columbus Ohio 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Automating Security Testing with the OWTF
Jerod Brennen
BSides Columbus Ohio 2018

When it comes to app security, scanning is good, but pen testing is better. That said, we're lucky if we can schedule (and budget for) a web app pen test once a year. Wouldn't it be swell if we could automate the security testing process so it turned up the same weaknesses in QA an attacker would likely try to exploit in Prod? Well, then. You're in luck. OWASP's Offensive Web Testing Framework (OWTF) was designed to help automate the web app pen testing process. By baking the OWTF into your own QA processes, you can benefit from the same knowledge and tools that the bad guys use to attack web apps. Better yet, you can run these tests as frequently as you like for FREE. This presentation will show you how to use the OWTF, helping you improve both the efficiency and effectiveness of your app security testing process.

By day, Jerod (@slandail) is a Security Architect with GBQ Partners. By night, he’s a husband, father, writer, filmmaker, martial artist, musician, and gamer. Jerod has earned every gray hair in his beard, having spent his career fulfilling infosec roles in consulting, higher education, retail, and public utilities. In that time, Jerod has worked on projects including security and compliance (GRC) program implementations, penetration tests, web and mobile application security assessments, and security tool implementations. Jerod shares what he’s learned over the years with local and regional information security professional organizations, as well as attendees at larger information security conferences. He also teaches information security courses, both domestically and internationally. His approach to infosec has two key tenets: you shouldn’t be afraid to void warranties, and you shouldn't need to bypass security to get your work done.


Back to BSides Columbus Ohio 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast