Raleigh ISSA October 6th 2016 Chapter Meeting

When: Thursday 5:15PM RTP HQ
Where: RTP Headquarters/Conference Center
12 Davis Drive
Research Triangle Park, North Carolina  27709
United States
Contact: Raleigh ISSA voting board

Online registration is closed.

Raleigh ISSA THURSDAY October 6, 2016 Chapter Meeting

Meeting Sponsor - Raleigh ISSA




5:15 – 6:00pm Career Services (Conference Room 1)

5:15 – 6:00pm CISSP Study Group (Conference Room 2)

5:15 – 6:00pm Back-to-Basics (Main Room) - Andrea Currie - Security Clearances

6:00 – 6:45pm Food / Drink / Socializing (Lobby)

6:45 – 7:00pm Board Updates (Main Room)

7:00 – 8:30pm Main Presentation (Main Room)  - Burp Suite: A Comprehensive Guide to Web Pen Testing - Josh Schroeder



5:15 Back to Basics

Title: Security Clearances

Speaker: Andrea Currie



7:00 State Of The Art (SOTA) - Main Presentation

Title:  Burp Suite: A Comprehensive Guide to Web Pen Testing


Speaker:  Josh Schroeder 


Joshua currently works as a Senior Security Analyst in the Washington DC area. He has a Master's degree in Security and Privacy from UNC Charlotte, where he was also the founder of the student ISSA chapter, 49th Security Division, and a recipient of the ISSA Scholarship. He has also worked for the Federal Reserve Board as an Analyst doing Unix administration, held internships doing security DevOps and pen testing, and run his own consulting firm. In his free time he enjoys trying new foods, traveling, and helping others get into security.


This presentation will show some of the features of the Burp Suite and how to use it to test devices that have web authentication. Joshua will walk through how to set up and use the target window to store proxy requests, and how to send and replay those requests with the repeater, intruder, and sequencer windows to test sites for vulnerabilities. His talk will explain how to analyze and view responses as we modify packets on the fly. Using examples of OWASP Top 10 vulnerabilities, he will show how Burp helps bypass site XSS and SQL injection checking, directory traversal, and client-side login checks, and find non-random session keys.

The last part of the presentation will demo how Burp successfully allowed Joshua to bypass the web authentication on an Iomega Network Access System (NAS) drive. Without knowing the details of the CVE, he will upload a backdoor to the NAS and gain root so that he could use it as a pivot point and mount other attacks into the victim's network. If attendees would like to follow along they can download the free version of Burp from:
