OWASP Austin Chapter Monthly Meeting – February 2020
February 25 @ 11:30 AM - 1:00 PM
Title: Using Nmap’s XSLT switch to better organize result scan data
Nmap is an old friend and one of the most-used tools in our box. On scans against large-scale networks, identifying ports with web applications might be easy using some common command line switches, but gathering the normal output to enumerate and identify targets is difficult. This talk is about using Nmap’s XML output switch combined with customized XSLT documents to save time and organize the output in a format such as CSV, which provides penetration testers with richer analysis capabilities, or even HTML that is “report ready”. We will look more closely at the XML output that Nmap provides (including NSE data) and learn how XSLT can be harnessed to derive usable custom documents.
This talk will have application to some or all of the following OWASP Testing procedures:
- ASVS 9 Communication Security Requirements (9.1.1, 9.2.2)
- OTG-INFO-004 Enumerate Applications on Web Server
- OTG-CONFIG-006 Test HTTP Methods
- OTG-CRYPST-001 Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
- …others, as NSE scripts are applicable
and the Penetration Testing Execution Standard
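The kind of stylesheet the abstract describes, as an added example that is not from the talk or the speaker: an XSLT 1.0 document that turns the XML Nmap writes with `-oX` into a CSV with one row per open port. The column choice and the file names in the note below are assumptions.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Input: XML written by nmap -oX. Output: one CSV row per open port. -->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="text" encoding="UTF-8"/>
  <xsl:variable name="dq">"</xsl:variable>
  <xsl:variable name="sq">'</xsl:variable>

  <xsl:template match="/nmaprun">
    <xsl:text>ip,hostname,protocol,port,service,tunnel,product,version,nse_scripts&#10;</xsl:text>
    <xsl:apply-templates select="host[status/@state='up']/ports/port[state/@state='open']"/>
  </xsl:template>

  <!-- One row per open port; ../.. is the enclosing host element. -->
  <xsl:template match="port">
    <xsl:call-template name="f"><xsl:with-param name="v" select="../../address[@addrtype!='mac'][1]/@addr"/></xsl:call-template>
    <xsl:call-template name="f"><xsl:with-param name="v" select="../../hostnames/hostname[1]/@name"/></xsl:call-template>
    <xsl:call-template name="f"><xsl:with-param name="v" select="@protocol"/></xsl:call-template>
    <xsl:call-template name="f"><xsl:with-param name="v" select="@portid"/></xsl:call-template>
    <xsl:call-template name="f"><xsl:with-param name="v" select="service/@name"/></xsl:call-template>
    <xsl:call-template name="f"><xsl:with-param name="v" select="service/@tunnel"/></xsl:call-template>
    <xsl:call-template name="f"><xsl:with-param name="v" select="service/@product"/></xsl:call-template>
    <xsl:call-template name="f"><xsl:with-param name="v" select="service/@version"/></xsl:call-template>
    <!-- IDs of the NSE scripts that produced output for this port, joined with ';'. -->
    <xsl:variable name="ids">
      <xsl:for-each select="script"><xsl:value-of select="@id"/><xsl:if test="position()!=last()">;</xsl:if></xsl:for-each>
    </xsl:variable>
    <xsl:call-template name="f"><xsl:with-param name="v" select="$ids"/><xsl:with-param name="end" select="true()"/></xsl:call-template>
  </xsl:template>

  <!-- Emit one quoted CSV field. Banner strings come from the scanned hosts, so
       embedded double quotes are replaced and a leading = + - @ is prefixed with
       an apostrophe so a spreadsheet does not evaluate the cell as a formula. -->
  <xsl:template name="f">
    <xsl:param name="v"/>
    <xsl:param name="end" select="false()"/>
    <xsl:variable name="s" select="translate(normalize-space($v), $dq, $sq)"/>
    <xsl:value-of select="$dq"/>
    <xsl:if test="$s != '' and contains('=+-@', substring($s, 1, 1))">'</xsl:if>
    <xsl:value-of select="concat($s, $dq)"/>
    <xsl:choose>
      <xsl:when test="$end"><xsl:text>&#10;</xsl:text></xsl:when>
      <xsl:otherwise>,</xsl:otherwise>
    </xsl:choose>
  </xsl:template>
</xsl:stylesheet>
```

With the stylesheet saved as `nmap-open-ports.xsl` and a scan saved as `scan.xml` (both placeholder names), `xsltproc nmap-open-ports.xsl scan.xml > open-ports.csv` produces the CSV.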
Speaker: Mark Spears
Mark Spears is a Sr. Security Consultant for Solis Security – an Austin-based security firm that performs DFIR, GRC, MSSP, and Penetration Testing, where he currently leads the Red Team, doing a lot of IP-based and Web Application testing while mentoring his younger peers.
Throughout Mark’s 20+ years in the industry, he has been a:
- Programmer in a wide range of compiled and scripted languages but focused mainly on the Microsoft stack
- Teacher at different schools on all topics of database design, coding, and web development.
- Entrepreneur who wrote payments software as a Level 1 PCI Gateway and acting CISO for 8 years until helping bring the company to a sale.
- Virtual CISO for several companies simultaneously including multiple banks providing monthly security services, audit support, and annual Risk Assessments based on GLBA or other needed compliance frameworks.
- Constant student and teacher seeking mentors while mentoring.
Food: Taco Deli. Arriving at 11:30 AM gives you time to get some food and find a seat. We try to start the meeting around 11:50 AM.