The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County, San Diego, SF Bay Area, and the Inland Empire chapters to bring you the FIFTH Annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.

One and Two-day training sessions on various subjects by expert trainers kick off the conference on January 28th. World renown speakers follow on days three and four.

There will be four concurrent tracks throughout the day on both January 30 and 31, addressing a variety of topics to enhance knowledge.

Back To Schedule
Tuesday, January 30 • 11:45am - 12:35pm
ReproNow - Save time Reproducing and Triaging Security bugs

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Abstract :
Crowdsourcing security aka Bug Bounty Programs are adapted by almost all companies today: big, small, mid size. While companies reap a lot of benefits, the challenge is to have a security engineer/engineers reproduce each of the bug, understand the replication method and spend time recreating the security bug that the researcher reported. And sometimes (read all the time) it may also require a lot of going back and forth with the researcher to reproduce the vulnerability. As security engineers we felt the pain as well and we created a tool that solves this challenge and helps organization focus their resources on resolving these vulnerabilities and strengthening their security posture.

Our tool is an open source software and an easy to install browser extension. A researcher can install this extension on their browser and record the entire walkthrough of the vulnerability. Our tool captures not only the screen but even Network requests. So, a researcher can capture the entire session and submit this video to the organization. Then, the security engineers who validate this can play the video on the tool and see the exploit in action. They don’t have to spin up Burp Suite or other bazillion tools and again spend time on reproducing  the entire thing. The tool also lets you search for a string, therefore you can jump to a specific payload to see the exploit. This makes triaging much easier, saving engineers valuable time.

avatar for Vinayendra Nataraja

Vinayendra Nataraja

Senior Product Security Engineer, Salesforce
Vinayendra Nataraja is a Senior Product Security Engineer at Salesforce and an independent security researcher. He has been in the security industry for 5 years now and holds a Masters degree in Information Security from Northeastern University. He leads the bug bounty efforts for... Read More →
avatar for Lakshmi Sudheer

Lakshmi Sudheer

Senior Security Partner, Netflix
Lakshmi Sudheer is a Security engineer who is passionate about all things Information security and mostly been on Application Security side of the world. She also enjoys speaking about her open-source projects and has spoken at Defcon’s BTV, BSides LV, RSA 2018, Appsec USA & AppSec... Read More →

Tuesday January 30, 2018 11:45am - 12:35pm PST
Club Room