Building your own Zombie Horde - Dynamic Web Scanning at Massive Scale

In the 12 years since automated dynamic application scanning tools have been available, DAST has gone from something a few in the know were doing to something everyone is doing, but are we really all scanning our web applications? The number of hacks would suggest either the tools are broken or we really are not scanning enough. To understand what was really going on, I met with dozens of Fortune 100 security and learned that, on average, only the top 1% of web applications at a Fortune 100 company are being aggressively tested both manually and using automated tools, but the rest are often going without any security testing at all. Reasons given were that it was just too cumbersome of a task, scanning that number of sites would be impossible, and at the current pace it would take years to assess everything. Clearly a better solution is needed.

In my talk I'll discuss the modern enterprise challenges that stand in the way of assessing thousands of web applications rapidly in parallel, the trade-offs that have to be made as well as those that don't, and why you have no excuse to be scanning everything. I'll detail the cloud computing platforms I researched and chose and the key things to consider when attempting to do anything at scale. Finally, I will review the results of a project that started with over 30,000 hosts and ultimately ended with a fully automated assessment of almost 3000 sites in less than 2 weeks' time.
Recorded Feb 27 2012 60 mins
Presented by
Erik Peterson
Presentations from the BSides Events and Beyond
  • Live at: Feb 27 2012 11:00 pm