For years, attackers have assailed network and system level vulnerabilities, fueling demand for products like firewalls and network vulnerability scanners. As these products mature and IT security teams learn to better handle network security, the industry is seeing a visible increase in attacks moving up the stack to target application,level vulnerabilities. As threats evolve and new attack vectors are discovered, applications need to be tested to see how they are affected. Application vulnerability management needs the same rigor infrastructure vulnerability management has; web application vulnerability assessments need to be continuous. Want to know how to continuously scan hundreds of production web applications? The web application vulnerability management framework shown in this presentation is the next step in application security. This framework introduces a methodology for continuous production web application security assessments on a large scale

Back to Derbycon 2014 video list