Director of Research
Arshan Dabirsiaghi is the Director of Research at Aspect Security. Arshan specializes in advanced Web security including Web 2.0, rich input validation and next generation exploit development. In addition to his penetration testing and code review responsibilities, Arshan is an instructor for Aspect's portfolio of Application Security Courses. While only recently out of college, Arshan has mastered a variety of exceptional Web application security classes for Fortune 500, large financial, and leading shipping and supply chain corporations. These courses include those highlighting Java/J2EE and AJAX-based security training, as well as general and advanced Web application-oriented classes and the security class for managers. Arshan has delivered tutorials at BlackHat in 2007/2008, OWASP 2008 NY and Belgium. Arshan is also the author of the OWASP AntiSamy project. His wit and technical expertise made him a shoo-in as a featured speaker at the 2007 OWASP/WASC San Jose conference.
Topic:
The Limits of Perspective and Cloaked Vulnerabilities
There are 4 ways of testing an application: manual and automated code review, and manual and automated fault injection. Each can be thought of as a perspective, and is therefore, by definition, limited in some way. The talk will look at the wrong ways people have traditionally tried to summarize the weaknesses of certain perspectives. It will also show the extreme difference between the marketed theoretical strengths of certain perspectives and the reality of their limitations, both technical and practical. We will also demonstrate strengths the current generation of tools has not implemented.