Published on August 18th, 2011 | by NJ Ouchn0
Black Hat USA 2011: ToolsTube with Chuck Willis on OWASP Broken Web Applications
The Open Web Application Security Project (OWASP) Broken Web Applications project (www.owaspbwa.org) provides a free and open source virtual machine loaded with web applications containing security vulnerabilities. This session will showcase the project and exhibit how it can be used for training, testing, and experimentation by people in a variety of roles.
Demonstrations will cover how the project can be used by penetration testers who discover and exploit web application vulnerabilities, by developers and others who prevent and defend against web application attacks, and by individuals who respond to web application incidents.
Chuck Willis is a Technical Director with MANDIANT, a full spectrum information security company in Alexandria, Virginia. At MANDIANT, Mr. Willis concentrates in several areas including application security, where he assesses the security of sensitive software applications through external testing and static analysis. He also studies static analysis tools and techniques and strives to identify better ways to evaluate and secure software. Mr. Willis is the leader of the OWASP Broken Web Applications project, which distributes a virtual machine with known vulnerable web applications for testing and training.