Hans Schaefer
Speaker: Lucas Nelson, Symantec Inc.
Lucas Nelson has 10 years of experience in the field of computer security and has worked for Symantec for the past 3 years leading test teams engagements in a variety of services including application penetration tests, code reviews, product penetration tests, application design reviews, as well as teaching classes in cyber attacks. He counts several of the top ten banks and investment firms as his clients along with many large software development companies on the west coast. Some notable work includes assessments of electronic voting machines used in the United States and the wireless infrastructure of a stock exchange. He also leads the Application Security Center of Excellence, which focused on developing application security practices and guidelines as well as the training of new hires in the methodology of application testing, inside of Symantec.
Seminar: How to test web applications using a proxy
Level: Introduction

Using a proxy to test web applications:  Learn to test web applications for common classes of vulnerabilities using OWASP's open source web proxy. Using a live application as a demonstration platform attendees will see how to efficiently test for common issues such as cross-site scripting, SQL injection, business logic errors, and buffer overflows. WebScarab will be used to demonstrate common testing techniques and tricks on a sample web based banking application. Attendees will leave with an understanding of the classes of vulnerabilities common to web applications and how to test for them using a proxy.

Thoughtworks
Sun Microsystem
Telephone: +46-(0)40-602 3295, email: info@oredev.org