Wyatt Harvey

Wyatt Harvey

Senior Cybersecurity Consultant & Penetration Tester - Websec Information Security Services

Wyatt is a distinguished cybersecurity expert with over five years of in-depth experience dedicated to protecting organizations from digital vulnerabilities. As a Senior Cybersecurity Consultant and Penetration Tester at Websec Information Security Services, Wyatt specializes in fortifying the cybersecurity defenses of businesses of all sizes, government entities, and organizations across various sectors. His proficiency encompasses conducting extensive security assessments tailored to the unique needs of applications, networks, and through social engineering assessments, ensuring vulnerabilities are identified and remediated comprehensively.

Holding credentials as a Burp Suite Certified Practitioner (BSCP) and Certified Red Team Professional (CRTP), Wyatt employs state-of-the-art tools and methodologies to uncover and exploit security gaps, offering actionable solutions for timely vulnerability management. His collaboration with clients across diverse regions has enriched him with a versatile understanding of securing varied infrastructures, allowing him to provide bespoke security solutions that align with specific business goals and compliance demands.

Since July 2021, Wyatt has proudly served on the board of the Victoria chapter of the Open Worldwide Application Security Project (OWASP), where he is deeply committed to advancing cybersecurity awareness and facilitating the exchange of knowledge. Through his efforts in organizing speaking engagements and interactive workshops, he plays a pivotal role in the professional growth and education of cybersecurity practitioners worldwide.

Passionate about fostering the development of new talent in the field, Wyatt designs and conducts workshops focused on practical penetration testing skills, preparing participants to effectively counteract contemporary cyber threats. His dedication to ongoing training and professional development ensures he remains at the forefront of cybersecurity innovation, ready to navigate the challenges of the ever-changing threat landscape.

Presentation Abstract

Web Application Penetration Testing Techniques: From Basics to Integrated Threats

Penetration testing plays a vital role in identifying and reinforcing potential weaknesses in cybersecurity defenses by simulating cyber attacks. This presentation simplifies complex concepts into an engaging format ideal for professionals aiming to enhance their skills or break into the field of cybersecurity.

Featuring a streamlined slide deck and supporting video demos from real-world labs, the session is structured as follows:

Introduction to Core Vulnerabilities: A walkthrough of fundamental labs that introduce common vulnerabilities, such as Stored Cross-Site Scripting (XSS).

Demonstrations on exploiting these vulnerabilities to trigger basic scripts such as alert pop-ups, serving as a foundation for more advanced techniques.

Elevating Exploitation Tactics: Advancing from basic exploits to sophisticated attacks, such as using obfuscated JavaScript to covertly harvest session tokens and credentials.

Detailed construction of complex payloads that disrupt significant webpage functionalities, emphasizing the necessity of user interaction for deeper impact.

Integrating Multiple Vulnerabilities: Techniques to combine several vulnerabilities to enhance the severity and scope of cyber attacks, illustrating the layered risks these vulnerabilities create when chained.

Examples of how such integrated attacks can lead to comprehensive unauthorized access, major data breaches, and critical lapses in security protocols.

Interactive Discussion and Q&A: The session will conclude with a Q&A segment, offering participants the opportunity to discuss the techniques covered, explore further applications, and clarify any points presented.

Attendees will gain insights into both the tactical execution of individual exploits and the strategic application of chaining vulnerabilities to magnify threats. This presentation will demonstrate thorough and effective penetration testing techniques that reflect complex, real-world attack scenarios.

Web Application Hacking: A Practical Burp Suite Workshop

This three-hour workshop offers an in-depth exploration of web application hacking through the use of Burp Suite, addressing both fundamental and advanced tools. Designed for both novices and experienced professionals, the session seamlessly integrates theoretical background with practical hands-on labs, focusing on applying tools in various security testing scenarios.