The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County, San Diego, SF Bay Area, and the Inland Empire chapters to bring you the FIFTH Annual AppSec California. The event is a one-of-a-kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.

One- and two-day training sessions on various subjects by expert trainers kick off the conference on January 28th. World-renowned speakers follow on days three and four.

There will be four concurrent tracks throughout the day on both January 30 and 31, addressing a variety of topics to enhance knowledge.

Wednesday, January 31 • 11:30am - 12:20pm
Hunter – Optimize your Pentesters time

Abstract: Is your pentest report filled with low risk items? Are these projects that you pentest too short for a full-fledged secure SDLC process or are they third party systems that you have little control over? We at eBay had a similar problem wherein more than 25% of our pentesting resources used to get bogged down by these low risk items. We understand that it takes time to find, document and report these items (some of which get entangled in a never-ending remediation cycle).
So we built Hunter to help us get ahead of some of these time sinks. Hunter is a simple open source tool that grades any website or REST endpoint. It quickly checks for certain low risk items and provides the requester with a grade (A – F). You can use Hunter as a precursor to your pentest. Non-security product development managers don’t understand security jargon, but they love to see a grade A on their product. The use of Hunter sits in between doing nothing before a pentest and a full-fledged secure SDLC process that might be overkill.
This talk is about our journey of why we built Hunter and how we saved about 10 – 15% of our pentesting budget. This talk is aimed at managers and pentesters who want to optimize their team’s resources and attendees will walk away with the knowledge of how they can leverage this open source tool.

Kiran Shirali

Senior Security Engineer, eBay
Kiran Shirali is a Senior Security Engineer in eBay’s blue team. Prior to joining the blue team, Kiran worked on the Security Assessments Team (Red Team and Pentesting) and Application Security team at eBay. When he is not at work, he is at home scouring the web finding security...

Wednesday January 31, 2018 11:30am - 12:20pm PST
Terrace Lounge