Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Finding the vulnerability first and fast

Kevin Poniatowski (Security Innovation)
9:00am–12:30pm Monday, October 30, 2017
Teachable moments
Location: Regent

Who is this presentation for?

  • Security professionals, developers, QA testers, project managers, or anyone interested in finding web vulnerabilities

Prerequisite knowledge

  • Familiarity with web development (useful but not required)

Materials or downloads needed in advance

  • A WiFi-enabled laptop with the following optional browser plugins and web proxy tools installed:
    • Browser plugins (Chrome): EditThisCookie, Tamper Chrome, and Foxy Proxy Standard
    • Browser plugins (Firefox): Cookies Manager+, Tamper Data, HackBar, Foxy Proxy Standard, and Leet Key
    • Web proxy tools: Burp Free and OWASP ZAP

What you'll learn

  • Learn how to find common web vulnerabilities quicker and more thoroughly using data collection and planning techniques


Data collection and planning are the key elements to quickly finding common web vulnerabilities. Kevin Poniatowski teaches you how to shorten the time it takes to find common web vulnerabilities while also decreasing the risk of an OWASP Top 10 vulnerability making it into the production server, demonstrating how to collect useful data that will reveal where the vulnerabilities are hiding. Along the way, Kevin offers an overview of useful tools. The goal is to change your behavior so that finding web vulnerabilities becomes intuitive.

Photo of Kevin Poniatowski

Kevin Poniatowski

Security Innovation

Kevin Poniatowski is senior security instructor and engineer at Security Innovation. Kevin has spent the last 20 years teaching developers in 10 countries across a wide range of organizations—including the Department of Defense and major Fortune 500 companies such as HP, Amazon, VMware, Sophos, Intuit, SWIFT, Walgreens, TMX, and Liberty Mutual—the intricacies of how to create hack-resistant applications. Name a security problem. Not only has Kevin seen it, but he’s taught some of the best developers in the world how to prevent and defend against it.