Jason Haddix

Talk Title

The Bug Hunter's Methodology Workshop

Abstract

Building on the Bug Hunter's Methodology 1.0 given at Defcon 23, 2.0 brings the newest testing techniques, tools, and vulnerability data to penetration testers and security folk. Dive into new-school advents in discovery, XSS, server-side template injection, server-side request forgery, Code injection (SQLi, PHP, ++), XXE, robbing misconfigured infrastructure, CI, Code repositories, and more!

Bio

Jason is the Head of Trust and Security at Bugcrowd. Jason works with Bugcrowd to improve the security industries relations with the researchers and design award-winning bounty programs for enterprise clients. Jason’s interests and areas of expertise include mobile penetration testing, black box web application auditing, network / infrastructural security assessments, cursory mainframe security analysis, cloud architecture reviews, wireless network assessment, binary reverse engineering, and static analysis. Jason lives in Santa Barbara with his wife and two children.