Dana Epp

Lead Security Researcher at Vulscan Digital Security

Dana has spent decades as a security architect who focuses on helping secure software, data, and infrastructure. You might say he was on, and led, Blue and Red Teams well before they were even a thing. When he’s not helping to build and grow software companies focused on developing security tools, he’s advising others on how to build and break their own applications and environments. As both a Microsoft Regional Director and Security MVP, he spends a great deal of time on security (de)engineering in the cloud.

Lately, he’s challenged himself to be more on the Purple team, shifting more of his offensive tradecraft toward helping developers and IT administrators see the demonstrable impact of exploitation of vulnerabilities in their work. He is a director of OWASP Vancouver, and is the #1 ranked Canadian hacker on TryHackMe, where he teaches others how to hack apps and infrastructure.

Presentation Abstract

The 7 deadly sins of appsec red teams and how to avoid them

Application security testing is more than a checklist. A good red team can help identify weaknesses not only in the applications under test but also in the infrastructure and the blue team’s incident response capabilities. However, when engagements aren’t properly goal-oriented and focused on detection and response as a requirement, things can go sideways rather quickly.

In this presentation, Dana will explore the 7 deadly sins he’s seen in the real world when it comes to appsec red teams, and discuss what you can do to avoid them. If you don’t currently use appsec red teams, this session will open your eyes to reasons why you should consider them, and how to use them successfully.