Geoff Walton

Practice Lead, Application Security

Experience

Geoff Walton is a Senior Security Consultant for Cleveland-based TrustedSec. He joined TrustedSec’s founder, David Kennedy, after years of working in information security. Geoff’s expertise in pen testing, network security, and software analysis comes from over ten years of experience in a variety of information technology roles, including software development, network operations, and information security-specific functions. Geoff brings a broad vision to assessments and penetration test engagements. Geoff has been part of diverse IT teams at organizations both large and small. He has experience across several industries, including retail, professional services, and manufacturing. Geoff has experience in performing static code analysis of mainframe code bases, including COBOL. Geoff holds a degree in Information Science (cum laude) from Baldwin Wallace College. Professionally, Geoff has had an active role in developing information security practices and has been responsible for network operations and security architecture throughout his career.

Education & Certifications

  • B.S. Information Science, minor Computer Science, Baldwin Wallace College
  • Certified Information Systems Security Professional (CISSP)

Industry Contributions

  • Developer, DerbyCon CTF
  • Administrator, DerbyCon CTF

Passion for Security

Geoff has been responsible for a number of professional accomplishments, including having sole assessment responsibility for environments such as financial institutions, internet companies, and universities. His assessment experience includes clients in multiple lines of business, including healthcare, finance, insurance, education, and software development.

Recent Blog Posts

Watch Out for UUIDs in Request Parameters

The Plugin: https://github.com/GeoffWalton/UUID-Watcher Some time ago on the TrustedSec Security Podcast, I shared a Burp Suite plugin I developed to hunt Insecure Direct Object Reference (IDOR) issues where applications might be using UUIDs or GUIDs (unique identifiers) as keys, assuming discovery attacks will not be possible. The plugin produces a report that helps identify which...

More Options for Response Modification - With ResponseTinker

As the web application footprint migrates client-side, tools to thoroughly analyze and test client behavior are becoming increasingly important. Burp Suite has made some great strides in this direction with their browser-based enhancements to crawling and scanning, but when it comes time to really dig into the particulars for research, we are still very much...

Fuzzing the Front End!

So, who is testing the client-side components of Single Page Applications (SPAs)? What are you doing exactly, dropping a few cross-site scripting (XSS) polyglots into boxes like you used to do with “<ScRiPt>alert(123)</sCrIpT>” for traditional apps back in 2001?  Are you mostly holding out hope that all big problems will be in the back-end APIs?...

Recent Webinars

Seeing the Entire Software Security Picture

During this practical webinar, the TrustedSec Software Security Team will provide a basic introduction to modern software security and give tips to help get the most out of your organization’s next security assessment. We’ll examine how the practice of software...
