• Penetration testers can only assess the attack surface they can see

    • Attack Surface Detector is a set of open source tools that can identify web application attack surface through static code analysis, making the data easy to leverage in dynamic testing

    • Penetration testers can also highlight differences in attack surface between two different versions of an application

    ..And more.

The Speaker
Drew Kirkpatrick

NopSec's Security Researcher & Penetration Tester. Drew has over 15 years of experience designing and building complex systems including application security tools, network management, cyber curriculum development, and transit and aerospace systems. These days he works to improve information security and software assurance by applying ethical hacking and computer science to build better automation tools and to assess the security posture of NopSec clients. Before joining NopSec, he was a Security Researcher at Secure Decisions and a Senior Computer Scientist in the U.S. Navy Human-Computer Interaction (HCI) Laboratory. He is a certified GWAPT and OSCP, and a member of the GIAC Advisory Board. He received his B.A. in Psychology & Economics from St. Mary’s College of Maryland, and Master’s degrees in Computer Science & Computer Information Systems from Florida Institute of Technology.