Path X: Explosive Security Testing Tools with XPath

PDF | ODP | PPT | Video | Paper

Abstract: This talk will cover what XPath is, how it is used to parse XML in web applications in order to aid security testing tools, and why XPath expressions are good locators in comparison to other methods such as DOM or CSS selectors. The presenters will attempt to demonstrate how XPath can be used for good instead of being targeted with injection or blind XPath injection attacks.

2008-02-17 — ShmooCon 2008

Continuous Prevention Testing

PDF | ODP | PPT | Video

Abstract: Continuous testing presents methodologies and tools that developers, quality engineers, and security professionals can all share and use effectively to their own unique approach. The tools presented are cross-discipline, meaning they can be utilized by a developer as a development tool, by a qa-tester as a quality assurance tool, and by a vulnerability assessor as a security assurance tool. Whether you’re trying to build better code faster, demonstrate the power of automated testing using a data-driven test framework, or find security-related defects — Continuous testing has something for you.

2007-10-19 — ToorCon 9