Geoff Walton
Practice Lead, Application Security
Experience
Geoff Walton is a Senior Security Consultant for Cleveland-based TrustedSec. He joined TrustedSec’s founder, David Kennedy, after years of working in information security. Geoff’s expertise in pen testing, network security, and software analysis comes from over ten years experience in a variety of information technology roles including software development, network operations, and information security specific functions; Geoff brings a broad vision to assessments and penetration test engagements. Geoff has been part of diverse IT teams at organizations both large and small. He has experience across several industries including retail, professional services, and manufacturing. Geoff has experience in performing static code analysis of mainframe code base to including Cobol. Geoff holds a degree in Information Science (cum Laude) from Baldwin Wallace College. Professionally Geoff has had an active role in developing information Security practices and has been responsible for network operations and security architecture throughout his career.
Education & Certifications
- B.S. Information Science, minor Computer Science, Baldwin Wallace College
- Certified Information Systems Security Professional (CISSP)
Industry Contributions
Developer, DerbyCon CTF Administrator, DerbyCon CTF
Passion for Security
Geoff has been responsible for a number of professional accomplishments including having sole assessment responsibility for environments such as financial institutions, Internet Companies, and Universities. His assessment experience includes clients in multiple lines of business ranging from healthcare, finance, insurance, education, and software development.
Recent Blog Posts
The Plugin: https://github.com/GeoffWalton/UUID-Watcher Some time ago on the TrustedSec Security Podcast, I shared a Burp Suite plugin I developed to hunt Insecure Direct Object Reference (IDOR) issues where applications might be using UUIDs or GUIDs (unique identifiers) as keys, assuming discovery attacks will not be possible. The plugin produces a report that helps identify which...
Read
As the web application footprint migrates client-side, tools to thoroughly analyze and test client behavior are becoming increasingly important. Burp Suite has made some great strides in this direction with their browser-based enhancements to crawling and scanning, but when it comes time to really dig into the particulars for research, we are still very much...
Read
So, who is testing the client-side components of Single Page Applications (SPAs)? What are you doing exactly, dropping a few cross-site scripting (XSS) polyglots into boxes like you used to do with “<ScRiPt>alert(123)</sCrIpT>” for traditional apps back in 2001? Are you mostly holding out hope that all big problems will be in the back-end APIs?...
Read
Recent Webinars
During this practical webinar, the TrustedSec Software Security Team will provide a basic introduction to modern software security and give tips to help get the most out of your organization’s next security assessment. We’ll examine how the practice of software...