Introduction in Assessing and Exploiting Web Applications with Samurai-WTF LiveCD, presented at BruCON 2010

by Justin Searle (InGuardians)

Tags: Security Others Application Security

Summary: The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Justin Searle: Justin Searle, a Senior Security Analyst with InGuardians, specializes in penetration testing and security architecture. Justin currently leads the Smart Grid Architecture group of the Cybersecurity Coordination Task Group (CSCTG) for the National Institute of Standards and Technology (NIST) and serves as a member of the Architecture Board for the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG) group. Previously, Justin served as JetBlue Airways’ IT Security Architect and has provided top-tier support for the largest supercomputers in the world. Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities and corporations. Justin has presented at top security conferences including DEFCON, ToorCon, ShmooCon, and SANS. In his rapidly dwindling spare time, Justin co-leads prominent open source projects including The Middler, Samurai Web Testing Framework, and the social networking pentest tools Yokoso! and Laudanum. Justin has an MBA in International Technology and is CISSP and SANS GIAC-certified in incident handling and hacker techniques (GCIH) and intrusion analysis (GCIA).