Description: Is your network being hacked by agents of foreign governments? That’s a shame. But your web applications might be susceptible to attacks from much more everyday threats. To counter them, does you company do application risk assessments? There are always limited resources to doing assessments and testing; how do you decide which applications deserve the most attention? In this talk, we will review a real-life situation where what management thought was a innocent little low risk application actually had some nasty secrets in its closet.

Bio: “Conrad has held a variety of positions in IT Audit, Application Development, Management, and Web Security in Fortune 50, non-profit, and government sectors. He has been implementing and advising on IT security solutions for several years. He currently hacks government web apps for a living.”

Back to Derbycon 2013 video list