Front Range OWASP Conference 2013/Sessions/Sess1 Tech1


DevFu: The inner ninja in every application developer

We often try to draw a sharp line between developers and penetration testers. This creates a barrier that developers are frequently intimidated to cross. The truth is that developers have an innate ability and perspective that can make them great penetration testers in their own right.

Developers in the security industry carry a unique toolset as ethical hackers / security consultants that sets them apart from traditional penetration testers. By incorporating these skills as developers and combining them with the understanding and experience of building applications, developers can take web application penetration testing a step further than the rest.

This presentation will go over the various aspects of the developer's DevFu toolbox, including deep programming knowledge, the ability to write scripts on the fly, common shortcuts and their pitfalls, speaking the language, and secure coding practices. We will go over specific examples of scripts that increase productivity and extend the functionality of existing pen testing programs.


Danny Chrastil

Danny Chrastil is a security consultant with BT Assure who has specialized in information security for over 3 years. Danny has a strong background in application development and server administration which led him into the security field after being asked to remediate a compromised server for a large eCommerce application. Using his experience as both a security consultant and programmer, Danny works with developers on the awareness of security principles and their importance within the development lifecycle.