Syllogistic Application Testing

Most of what the industry is providing in "black box" application security testing today is invalid. This talk will attempt to demonstrate ways we can be more consistant, more thorough, and more honest about the results from "black box" application security testing.

At this talk we will provide insights we've learned from performing application testing, writing application testing tools, and the OSSTMM (3.0) methodology for for application testing.

This will be the first public demonstration of the Cruiser web application testing tool.


Robert E. Lee serves as Dyad Security's Chief Technical Officer. Robert's primary roles include the management and guidance of the security testing team, technology and software development, and education programs. Robert functions as the primary technical contact interfacing with clients for Dyad.

When founding Dyad Security, Robert brought with him knowledge of the Value Added Reseller (VAR), consulting, and technical start up spaces. His consulting experience was developed and refined during his time with General Electric-GE Access, Advanced Systems Group, and Enterprise Computing Solutions. Robert's extensive consulting background comprises eight years of service to fortune 1000 companies. His role as an industry consultant was focused on Disaster Recovery, High Availability, and Business Continuity projects. His expertise in leading teams and directing projects has resulted in some of the most reliable computing environments in the world. Robert is a contributing author to the OSSTMM, Unicornscan, and Cruiser projects.

Robert was accepted on scholarship at the age of 17 to Brigham Young University where he studied French Horn Performance and Computer Science. Robert maintains his OSSTMM Professional Security Tester (OPST) & OSSTMM Professional Security Analyst (OPSA) certifications from the Institute for Security and Open Methodologies (ISECOM).