Welcome to our chapter website!

Established in 1991, the mission of the Ottawa Chapter of the Information Systems Security Association (ISSA) is to provide a friendly, interactive environment for those with an interest in information security. Through meetings, guest speakers, discussion forums, this website and the concerted efforts of our members, we strive to accomplish this goal. These local Chapter level benefits are augmented by the advantages of membership in ISSA International which provides an e-newsletter, educational online webinars, and partnerships with other IT security organizations many of whom offer discounts to ISSA members.

All of this is aimed towards helping members be more effective in their work both technically and personally, and towards providing professional development opportunities.

 

NEXT CHAPTER MEETING

2018-11-29 - ISSA Ottawa Nov Chapter Meeting

November 29, 2018
5:30 PM - 8:30 PM

 Add to Calendar

Ottawa Conference and Event Centre
200 Coventry Road
Ottawa, ON K1K 4S3
Venue website

Please note that our November event will be held at the
Ottawa Conference and event Centre, room 210.
A cash bar will be available.

Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-box Web Application Vulnerability Scanners.

Web application vulnerability scanners are automated tools that are used to crawl a web application to look for vulnerabilities. These tools are often used in one of two ways.

Point-and-Shoot (PaS) mode: In this approach the scanner is only given the root URL of an application and asked to scan the site.
Trained mode: In this approach the scanner is first configured and trained to maximize the crawling coverage and vulnerability detection accuracy.

Although the performance of leading commercial scanners has been thoroughly studied, very little research has been done to evaluate open-source scanners. With so many open-source web application vulnerability scanners available, how do you choose which scanner to use? Is it worthwhile to make the investment in configuring and training your scanner or should you stick with the PaS approach? Are there any critical limitations associated with the open-source scanners?

This talk presents the results of a feature and performance comparison of five leading open-source scanners run in both PaS and Trained modes. We analyze the crawling coverage, vulnerability detection accuracy, scanning speed, reporting and usability features of the scanners. The talk will share:

Differences in crawling coverage, vulnerability detection accuracy and speed when scanners are run in PaS and Trained modes.
Tasks that were critical in maximizing the crawling coverage and vulnerability detection accuracy.
Web technologies that scanners had difficulty crawling.
Classes of vulnerabilities that were not detected by the scanners.

We will also compare the performance of the tested scanners with the well-known commercial scanner Burp Suite Professional to determine if commercial scanners have a significant added value compared to open-source scanners.


Rana Khalil

Rana is a graduate student at the University of Ottawa currently finishing a master’s degree in Computer Science with a thesis focus on evaluating the performance of open-source web application vulnerability scanners. Rana has a diverse professional background with experience in software development, penetration testing, malware analysis and teaching. She has also been a long-term advocate for women in STEM. She held several positions at the University of Ottawa in various associations promoting and encouraging women in all STEM fields. Most recently, she was part of a panel of security professionals held by the Anita Borg organization for women interested in cybersecurity. She also taught an interactive workshop introducing women, from various professional backgrounds, to web application penetration testing.

 


Agenda

5:30 pm - Doors open for check-in/ Networking
6:00 pm - Dinner is served along with a brief welcome
6:10 pm - Presentation
8:30 pm – End of the event

 

NOTES

Parking:   The Ottawa Conference and Event Centre offers plenty of free parking.
Bus travellers:   You can exit the bus at the Ottawa Train Station and take the pedestrian bridge over the Queensway to the Ottawa Conference and Event Centre.

Registration will close on Monday, November 26, 2018 at 17:00 hrs

  • All successful registrations will result in a confirmation screen and followed by a confirmation e-mail from ISSA Ottawa.  If a confirmation e-mail is NOT received, please contact registration@issa-ottawa.ca
  •   (when you pay online, don't forget to click on the "Return to Merchant" buton at the bottom, at the completion of the PayPal process)  
  • Only online registrations and payments will be accepted.

 

  • Member registration - for ISSA members only - please login in order to register with the ISSA Member discount
  • Non-member registration - please use the CONTINUE AS GUEST link to register
  • Please note that due to the cost of pre-ordering meals, we request a minimum of 72 hours notice for cancellation prior to the event.
  • We cannot guarantee meals for registrations at the door or within 72 hours of the event.
  • We use PayPal: fast, easy and secure
  • CPE points can be recorded for attending, according to the relevant certification guidelines for CPE reporting

 

Register Now