Past Due: Practical Web Service Vulnerability Assessment for Pen-Testers, Developers, and QA - Jeremy Druin Louisville InfoSec 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)

Because web services facilitate mobile application development, support “Web 2.0” web applications, and integrate modern applications with legacy systems, web services are increasingly common. Like more familiar web applications, web services may be vulnerable to OWASP Top Ten issues. However, the evaluation of web services has not reached the level of automation and maturity of application assessment. We will provide an overview of web services and demonstrate a practical approach to assessing services for security vulnerabilities.

Jeremy Druin works as an internal pen-tester, vulnerability management, and defect-remediation expert for a multi-national transportation logistics company. Jeremy manages web vulnerability assessment operations, authored corporate application and database security standards, created the developer training program, and teaches developers how to architect, design and write secure applications. Additionally, Jeremy develops the open-source Mutillidae II training environment and consults on web-application security topics. As the Director of Education for the Kentuckiana ISSA chapter, Jeremy presents on application vulnerabilities, pen-testing and remediation along with operating the “webpwnized” YouTube video channel. Jeremy has a Bachelor in Computer Science from Indiana University and is a CompTIA and GIAC-certified Network/Web Application Pen-Tester and Exploit Developer.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast