Name: Automated Web Application and API Discovery and Other Things That Sound Simple but Are Actually Difficult
Start: 2020-03-28T15:00:00-0400
End: 2020-03-28T15:30:00-0400

Back To Schedule

Automated Web Application and API Discovery and Other Things That Sound Simple but Are Actually Difficult

Feedback form is now closed.

Building an application inventory is a critical but often skipped step in many Application Security programs. Security teams are overly dependent on questionnaires, word of mouth or other passive methods of application discovery. This can create gaps which are filled with unknown, legacy or otherwise risky applications in the environment. These neglected areas then become a perfect foothold for an attack. In this talk we will dissect the challenges around web application and API discovery, and outline approaches that have worked well for our team. We will outline specific techniques for automatically enumerating web applications and APIs and onboarding them into tools that can help identify risk.

https://zoom.us/j/998173381

Speakers

Jeremy Brooks

Security Architect

Jeremy is an Information Security Architect at a Fortune 1000 retailer. His responsibilities include penetration testing, security tools development, secure code review, secure architecture review and threat modeling.Jeremy has experience in software development stretching back 20... Read More →

Stuart Lane

Application Security Engineer, Aaron's Tech

Saturday March 28, 2020 3:00pm - 3:30pm EDT
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

Detect

BSides Atlanta 2020

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Jeremy Brooks

Stuart Lane