Session: Human or Machine? The Voight-Kampff Test for Discovering Web Application Vulnerabilities
The web application security industry has exploded with tools and services that identify thousands of bugs. But how can you tell which vulnerabilities are found through automated tools and which require human expertise to identify? This talk will break down the vulnerabilities that only humans can find, including IDOR, race conditions, business logic bypasses, and chained exploits. Leveraging data from Cobalt.io’s pentester CORE, we will examine the methodologies behind human-found flaws and demonstrate why business context is king. Attendees will walk away with a web application Voight-Kampff test to understand how humans and machines interact to find vulnerabilities.
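The abstract's point that "business context is king" is easiest to see with an IDOR, one of the classes it lists. The following is an added illustration, not material from the talk or from Cobalt.io: a constructed invoice service with two handlers, one that looks up records by id alone and one that also checks ownership. A context-free check that only inspects status codes and response shape rates both handlers the same, while a tester who knows which account owns which record can tell them apart with one request. The users, invoice ids and function names are all assumptions made for the demo.

```python
"""
Why an IDOR (insecure direct object reference) is hard for a context-free
scanner to flag and easy for a tester who knows who should own which record.
Added example, not code from the talk or from Cobalt.io; the service, users
and records below are constructed for the demonstration.
"""
from dataclasses import dataclass
import json

# Constructed sample data: two tenants, each owning one invoice.
INVOICES = {
    1001: {"owner": "alice", "total": 120.00, "notes": "alice's invoice"},
    1002: {"owner": "bob", "total": 980.50, "notes": "bob's invoice"},
}


@dataclass
class Response:
    status: int
    body: str


def get_invoice_vulnerable(session_user: str, invoice_id: int) -> Response:
    """Looks the record up by id only: any authenticated user can read any invoice."""
    record = INVOICES.get(invoice_id)
    if record is None:
        return Response(404, json.dumps({"error": "not found"}))
    return Response(200, json.dumps(record))


def get_invoice_hardened(session_user: str, invoice_id: int) -> Response:
    """Same lookup, but the record must belong to the caller.

    Returns 404 rather than 403 so the response does not confirm that the
    id exists for some other tenant.
    """
    record = INVOICES.get(invoice_id)
    if record is None or record["owner"] != session_user:
        return Response(404, json.dumps({"error": "not found"}))
    return Response(200, json.dumps(record))


def scanner_verdict(resp: Response) -> str:
    """What a signature-style check sees: an expected status and well-formed JSON.

    It has no notion of which user *should* be allowed to read the record,
    so a leaked record and a correctly served one look identical to it.
    """
    try:
        json.loads(resp.body)
    except json.JSONDecodeError:
        return "malformed"
    return "looks fine" if resp.status in (200, 404) else "anomalous"


def idor_test(handler, requester: str, invoice_id: int) -> bool:
    """The human tester's check: knowing the record's true owner, request it
    as a different authenticated user. True means the handler leaks it."""
    true_owner = INVOICES[invoice_id]["owner"]
    assert requester != true_owner, "test must use a non-owner account"
    resp = handler(requester, invoice_id)
    return resp.status == 200


if __name__ == "__main__":
    # alice asks for bob's invoice against both handlers.
    for name, handler in [("vulnerable", get_invoice_vulnerable),
                          ("hardened", get_invoice_hardened)]:
        resp = handler("alice", 1002)
        print(f"{name:10s} scanner: {scanner_verdict(resp):10s} "
              f"IDOR present: {idor_test(handler, 'alice', 1002)}")
```

Both handlers return syntactically valid, expected-status responses, so `scanner_verdict` reports "looks fine" for each; only `idor_test`, which encodes the business rule that invoice 1002 belongs to bob, separates the leaking handler from the fixed one. The hardened handler's choice of 404 over 403 is a common hardening step: it avoids turning the authorization check into an id-existence oracle.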
Vanessa Sauter is a security strategy analyst at Cobalt.io, a Pentest as a Service company. She previously worked at the Brookings Institution and the Aspen Institute in Washington, D.C., where she specialized in cybersecurity policy and national security law. Her interest in vulnerabilities stems from her work researching and writing about APTs for numerous publications. Vanessa graduated from Columbia University in 2016 and worked at Columbia’s Graduate School of Journalism for three years.