Saturday, March 28 • 3:00pm - 3:30pm
Automated Web Application and API Discovery and Other Things That Sound Simple but Are Actually Difficult

Building an application inventory is a critical but often skipped step in many Application Security programs. Security teams are overly dependent on questionnaires, word of mouth or other passive methods of application discovery. This can create gaps which are filled with unknown, legacy or otherwise risky applications in the environment. These neglected areas then become a perfect foothold for an attack. In this talk we will dissect the challenges around web application and API discovery, and outline approaches that have worked well for our team. We will outline specific techniques for automatically enumerating web applications and APIs and onboarding them into tools that can help identify risk.



Jeremy Brooks

Security Architect
Jeremy is an Information Security Architect at a Fortune 1000 retailer. His responsibilities include penetration testing, security tools development, secure code review, secure architecture review and threat modeling. Jeremy has experience in software development stretching back 20...

Stuart Lane

Application Security Engineer, Aaron's Tech

Saturday March 28, 2020 3:00pm - 3:30pm EDT
'Detect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA