We kicked off the 16th year of the QASIG on Wednesday, January 13th. We are very excited about a new year and facilitating fresh content for and with our colleagues.
David Brown got us started by taking a look at the premier security testing tool, Burp Suite, developed by PortSwigger. Check out the video on our YouTube channel.
How to Burp
Burp Suite, despite the funny name, is one of the security industry’s most mature and widely used tools. While some say this is mostly a result of the industry’s lack of any other mature or widely used tools, those people are missing the point. By providing a variety of tools, all connected to a robust HTTP proxy, Burp Suite strikes a careful balance between automating only tedious or time-consuming aspects of security testing websites and services, freeing testers to focus on the more important (read: fun) aspects of any given test. We’ll take a tour through Burp, focusing on features available in the free version of the Suite along with some of the more useful plugins available through the (mostly free) app store.
About our speaker: David Brown – Senior Security Engineer @ Security Innovation, Inc.
David has amassed expansive expertise in secure software development, mobile platform security and enterprise authentication/authorization. At Security Innovation, David uses this expertise to identify vulnerabilities and weaknesses in enterprise software applications, complex networked systems, cloud applications, web applications and mobile applications. He has worked on projects for companies such as Adobe, Amazon, Kronos, Microsoft, and Symantec.
Prior to joining Security Innovation, David held various positions for the Boeing Corporation including Security Analyst and System Design/Integration Specialist. His primary focus was application and mobile security, where he was responsible for the development and maintenance of security guidance for internal application developers and IT across the company. He also analyzed various mobile platforms, developed security policies for data handling and mobile application development, and led the security review and assessment of a critical iOS application deployment that delivered highly sensitive data to a high-target user base.
David earned a B.S. in Computer Science from the University of Houston, which was fully funded by academic scholarships.
Details about our March QASIG will be posted soon… stay tuned!