Authors: Sam Stepanyan

tldr - powered by Generative AI

Nettacker: An Automated Penetration Testing Framework
  • Nettacker is a free and open-source automated reconnaissance and penetration testing tool
  • It can scan networks for vulnerabilities, discover expired SSL certificates, and find subdomains hosting vulnerable versions of content management systems
  • Nettacker can be used by both attackers and defenders, and has been helpful for bug bounty research
  • The tool uses YAML modules and is written in Python
  • Nettacker can be automated using GitHub actions and Docker containers
  • Automated scans can be scheduled to run regularly and generate reports as artifacts
Authors: Daniel Krasnokucki

Abstract: Having security testing in the pipeline is getting more and more popular; I would say it is becoming a standard! But what are we doing with the findings? What are we automating, and how are we using the automation?

The presentation will cover security-as-code practices to integrate security testing into the CI and CD pipelines, but in addition I will discuss the part of the testing that cannot be automated, which is penetration testing. How do you connect it with your automated testing, and what is the role of penetration testing in monitoring? I will show how it affects the next round of the process and what the process should look like.

During the presentation I will discuss real use cases from different pipelines and security tools, showing pros and cons, advantages and challenges. The demo will include GitHub Actions and open-source tools like OWASP ZAP, and examples will be provided with pipeline-as-code and security-as-code: real-life use cases and examples with step-by-step instructions on how the development process in a mature state of DevSecOps should look.
Authors: Brian Reed

tldr - powered by Generative AI

The presentation discusses the creation of a certification and testing regime for IoT connected mobile apps and VPNs using the 20 years of history and documentation of OWASP.
  • Mobile apps dominate usage in the market and have security vulnerabilities.
  • The OAuth Mobile Project was created to address mobile app security issues.
  • The prevalence of insecure data storage and network connections in mobile apps is similar to cross-site scripting in web apps.
  • The ioXt organization created a standard for certifying the security of IoT devices and expanded it to include mobile connected apps.
  • The 20 years of history and documentation of OWASP were used to create a certification and testing regime for IoT connected mobile apps and VPNs.
  • The speaker's company is a financial sponsor of the OAuth Mobile Project and participates in creating tools and standards for mobile app security.