Because web services facilitate mobile application development, support “Web 2.0” web applications, and integrate modern applications with legacy systems, web services are increasingly common. Like more familiar web applications, web services may be vulnerable to OWASP Top Ten issues. However, the evaluation of web services has not reached the level of automation and maturity of application assessment. We will provide an overview of web services and demonstrate a practical approach to assessing services for security vulnerabilities.

Jeremy Druin works as an internal pen-tester, vulnerability management, and defect-remediation expert for a multi-national transportation logistics company. Jeremy manages web vulnerability assessment operations, authored corporate application and database security standards, created the developer training program, and teaches developers how to architect, design and write secure applications. Additionally Jeremy develops the open-source Mutillidae II training environment and consults on web-application security topics. As the Director of Education for the Kentuckiana ISSA chapter, Jeremy presents on application vulnerabilities, pen-testing and remediation along with operating the “webpwnized” YouTube video channel. Jeremy has a Bachelor in Computer Science from Indiana University and is a CompTIA and GIAC-certified Network/Web Application Pen-Tester and Exploit Developer.

Back to Louisville InfoSec 2013 video list