Travis has 10 years of experience in information security roles. Starting out as a Network Administrator and later a SOC Analyst, he built up his experience and knowledge through blue teaming before deciding to try out offensive security. Travis has spent the past 2 years as a penetration tester primarily focused on application security with Cigital/Synopsys and now Walmart.
From Web App to ATM: Why the Basics Matter
This is a technical application security discussion for junior penetration testers or anyone interested in the world of penetration testing. Advanced members of the community are welcome, but the content is geared toward newer testers. From Web App to ATM will showcase a penetration test I performed where the only previous work done was web vulnerability scanners that completely missed the iceberg lurking just below the water. In this talk I will cover some “back to basics” of web app security and show real-world examples of critical applications exposing these flaws. Unauthenticated APIs, forceful browsing, privilege escalation, and total ownage of ATMs managed by this app are all up for discussion.
Come see Travis at RVAsec! Register Now.


Will Gragido is a seasoned security professional with over 20 years’ experience in networking and information security. Will’s extensive background is the result of his service as a United States Marine, a consultant with the world-renowned International Network Services, Internet Security Systems (now IBM ISS), McAfee, Damballa, Cassandra Security, RSA NetWitness, Carbon Black, Digital Shadows and now Digital Guardian where he leads the organization’s Advanced Threat Protection Product Line as its Director. Lead author and co-author of three Syngress Press titles
Ksenia Peguero is a Sr. Research Lead within Synopsys Software Integrity Group. She has eight years of experience in application security and five years in software development. Ksenia is a subject matter expert in static analysis and JavaScript frameworks and technologies. Before diving into research, she worked in a variety of software security practices including penetration testing, threat modeling, code review, static analysis tool design, customization, and deployment. Over the years, she performed numerous engagements for clients in financial services, entertainment, telecommunications, energy, and enterprise security industries. Throughout her consulting career, Ksenia has established and evolved secure coding guidance for many different firms, and has delivered numerous software security training sessions. Ksenia speaks regularly at events around the world, such as BSides Security in London, Nullcon in India, RSA in Singapore, and AppSec Europe in Italy. She has also served on review boards of AppSec USA and AppSec EU conferences.




Bob Siegel is the president and founder of Privacy Ref. Starting Privacy Ref in 2012, Bob took his experience as the Senior Manager of Worldwide Privacy and Compliance at Staples, Inc. and applied that to helping companies implement and maintain strong privacy programs. Bob has worked with many different organizations, dealing with programs of all sizes and regulatory needs. Seeking to always improve his own understanding of all things privacy, Bob has earned certifications from the International Association of Privacy Professionals. These include certifications in US private sector, European, and Canadian privacy laws. Bob has also earned certifications in Information Technology privacy and privacy program management. Bob Siegel has also been recognized as a Fellow of Information Privacy by the IAPP for his outstanding dedication to the privacy community. He has also served on the IAPP’s Certification Advisory Board for the CIPM program and the IAPP’s Publication Advisory Board. Bob Siegel currently maintains his blog at Privacy Ref, but is also a writer at CISO.com. You can find his blog, Operational Privacy, on CISO.com.