Beyond Automated Testing provides a brief overview of how to properly perform an assessment by refusing to rely solely on automated tools. Topics covered include how to read between the lines of scan reports, finding the things that are missed by tools commonly used, and how to look for things that an automated tool may never see. A series of common vulnerabilities and PenTest findings are discussed, including how they were identified, why a scanner is unable to find them, and resources are provided to help the audience learn and develop the skills for themselves. (50 minute)
Zack Meyers (@b3armunch) is a business oriented guy that then became a motivated InfoSec geek after getting started as a continuous monitoring vulnerability analyst. Shortly after, he took an interest in the offensive side of security work and currently works as an Offensive Security Engineer at BreakPoint Labs. Today he is always looking to learn about new techniques and tools that can help him identify his next big vulnerability finding. He is currently a member of Primal Security Blog | Podcast and holds several security certifications including OSCP, CISSP, GWAPT, GPEN, GCIH, etc.
Luke Hudson (@3z5tuff) is a security engineer who is currently working to sharpen his skills in the offensive security domain while acting as a web application penetration tester for numerous private and public organizations. He is one of the founders and lead authors of Primal Security Blog | Podcast, and currently works as an Offensive Security Engineer at BreakPoint Labs. He is focused on learning and creating useful information aimed at fellow security professionals who are passionate about their industry