Back To Schedule
Wednesday, January 25 • 10:30am - 11:20am
DASTProxy: Don’t let your automated security testing program stall on crawl. Instead focus on business context.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Many automated security programs look at crawling through a website before testing as a measure to build security automation. However, such an approach has limited success when you are dealing with huge applications that have numerous teams working on modular components or subsections. At eBay, it was instantly clear that such an approach was doomed to fail. Instead the Secure Development Life Cycle Team leveraged the knowledge and business context that our product development teams had built into functional testing, to enhance our dynamic security testing automation. This let us further our goal to make security a responsibility of every product development team at eBay. This talk is about our journey and the open sourced automation framework (https://github.com/eBay/DASTProxy) that we built to make our dreams and goals a reality.

avatar for Srinivasa Rao Chirathanagandla

Srinivasa Rao Chirathanagandla

Senior Software Engineer, eBay
Srinivasa Rao is an Information Security Engineer in AppSec at eBay, responsible for developing applications and tools for Secure Product Life Cycle (SPLC) and SecDevOps. He is a full-stack developer who enjoys coding using java, grails/groovy, angularJS and interacting with relational... Read More →
avatar for Kiran Sharadkumar Shirali

Kiran Sharadkumar Shirali

Senior Security Engineer, Red Team, eBay
Kiran Shirali is a Senior Security Engineer in eBay’s Red Team. During the day, he is scouring eBay’s networks and applications for flaws that could lead hackers get access to critical assets. He is also involved in various other initiatives that help on the defensive side of... Read More →

Wednesday January 25, 2017 10:30am - 11:20am PST
Terrace Lounge