Syllogistic Application Testing

Most of what the industry is providing in "black box" application security testing today is invalid. This talk will attempt to demonstrate ways we can be more consistant, more thorough, and more honest about the results from "black box" application security testing.

At this talk we will provide insights we've learned from performing application testing, writing application testing tools, and the OSSTMM (3.0) methodology for for application testing.

This will be the first public demonstration of the Cruiser web application testing tool.

Bio

Jack Louis is a Senior Security Researcher for Dyad Security. He has a background in core networking technologies, systems programming, and electronics. Jack is the lead programmer behind unicornscan, a distributed data information engine for the the OSACE project. Jack is also the lead author of cruiser, a web application testing tool in the OSACE suite.

Jack has given lectures on building secure software, offensive programming, and building miscellaneous electronic components to solve a wide variety of problems at hand.

Jack is also an ISECOM OPST & OPSA Certified Instructor.