Category:OWASP Columns

The Articles

 * October 10, 2004 - Mark Burnett - Using Secret Questions


 * October 1, 2004 - Mark Burnett - Blocking Brute Force Attacks


 * January 13, 2004 - Jeff Williams - Let's Sue the Idiots -- Security, Software, Contracts, and Lawyers


 * January 5, 2004 - A Tailored Web Application Security Documentation Framework


 * December 1, 2003 - George Capehart - The Web Services Architecture and Security


 * November 03, 2003 - Jeff Williams - Access Control (aka Authorization) in Your J2EE Application


 * November 4, 2003 - Joe Lima - Authentication in IIS


 * October 27, 2003 - George Capehart - A Tale of Two Systems


 * October 6, 2003 - Jeremy Poteet - Have Your Cake and Eat It Too


 * September 29, 2003 - Jeff Williams - How to Build an HTTP Request Validation Engine for Your J2EE Application


 * September 22, 2003 - Joe Lima - What is IIS Security?


 * September 22, 2003 - George Capehart - There Is More to Securing Web Services Systems Than WS-Security


 * September 15, 2003 - History isn't always pretty and today isn't always inspiring (unless you live in Boston of course)


 * September 8, 2003 - Jeremy Poteet - Be Careful What You Say


 * September 01, 2003 - Jeff Williams - Trustworthy Java - Are Your Apps Bulletproof?

George Capehart
George has been working in computing since DEC, Data General, Texas Instruments and Wang were making minicomputers, tape was made of paper and /dev/tty really was a TeleType machine. Over his career he has been exposed to just about every aspect of IT systems and has done everything from crimping cable to leading an IT group. For the last five years, George has done international consulting focusing on the impact of the paradigm shift induced by the emergence of e-business and EAI on business and technical operations, the risk and trust management issues that accompany this shift, and the implications of all of these for systems security engineering, the risk management process, and the SDLC.

Jeff Williams
Jeff is the CEO of Aspect Security, a leading provider of application security services including security code review, penetration testing, secure development training, and security engineering services. Jeff speaks regularly about application security and leads the Top Ten project for OWASP. In addition, Aspect created WebGoat, and donated it to OWASP to help the community learn about application security. Jeff holds advanced degrees in computer science and human factors, as well as a law degree from Georgetown University.

Joe Lima
Joe Lima has led the product development and support teams at Port80 Software since its inception. He has worked for a variety of Internet, wireless and software development companies, specializing in research and development for server-centric technologies. A lecturer at the University of California, San Diego and a published author on Web server technologies, Joe Lima brings a depth of knowledge on HTTP and server systems coupled with an everyday understanding of the challenges faced by Web administrators.

Mark Curphey
Mark was the original OWASP founder and is the moderator of the webappsec mailing list at Security Focus and has a Masters Degree in Information Security from Royal Holloway, University of London. Currently on a long term contract in Boston, he was previously the Director for Information Security at Charles Schwab in San Francisco and ran the consulting teams on the East Coast for Internet Security Systems out of Atlanta before that. He has held various positions with international investment banks in Europe and North America. In his spare time he enjoys his family (wife Cara, Son Jack (aged 2 years) and daughter Hana (aged 2 months)). Mark is the Chair of the WAS Technical Commitee at OASIS, a project he thinks we revolutionize the web security tools industry.

Jeremy Poteet
Jeremy is one of the leaders for the OWASP Guide and an active member of the OWASP Testing Methodology Project. He also acts as the liason officer for the WAS-TC at OASIS and is a member of the AVDL TC. He is the Chief Security Officer for appDefense and a CISSP. Jeremy is the co-author of "Extreme Programming with Ant" and was the winner of eWeek's OpenHack IV competition.