Wednesday, January 25 • 10:30am - 11:20am
DASTProxy: Don’t let your automated security testing program stall on crawl. Instead focus on business context.

Many automated security programs crawl through a website before testing it, treating the crawl as the foundation of their security automation. However, such an approach has limited success when you are dealing with huge applications that have numerous teams working on modular components or subsections. At eBay, it was instantly clear that such an approach was doomed to fail. Instead, the Secure Development Life Cycle Team leveraged the knowledge and business context that our product development teams had built into functional testing to enhance our dynamic security testing automation. This furthered our goal of making security a responsibility of every product development team at eBay. This talk is about our journey and the open-sourced automation framework (https://github.com/eBay/DASTProxy) that we built to make our dreams and goals a reality.

Speakers
Srinivasa Rao

Information Security Engineer, eBay
Srinivasa Rao is an Information Security Engineer in AppSec at eBay, responsible for developing applications and tools for Secure Product Life Cycle (SPLC) and SecDevOps. He is a full-stack developer who enjoys coding in Java, Grails/Groovy and AngularJS, and working with relational databases. He is a Computer Science Engineer with experience in the Finance, IT, SCM and Identity Management domains.
Kiran Shirali

Senior Security Engineer, Red Team, eBay
Kiran Shirali is a Senior Security Engineer in eBay’s Red Team. During the day, he scours eBay’s networks and applications for flaws that could let hackers gain access to critical assets. He is also involved in various other initiatives that help on the defensive side of security, and is a supporter of automation and of baking security into all processes and development activities within eBay. When he is not at work he loves to spend...



Wednesday January 25, 2017 10:30am - 11:20am
Terrace Lounge
