User:Yiannis

There is a world of numbers, hiding behind letters, inside computers, this is what stimulates my work. I am currently employed in IT risk management within the financial industry, running a team of technical risk assessors. Prior to this, I spent 5 years in the world of professional penetration testing. I focused my career evolution on assisting large scale projects actually implement secure development practices. This included teaching developers how to write secure code. For OWASP, I was the project leader for JBroFuzz and used to chair the Global Industry Committee. I am on the Application Security Advisory Board of the (ISC)2. My academic qualifications include a PhD in information security, designing routing protocols for ad-hoc networks. I am a certified scrum master and hold the CISSP certification.

Information Assurance: Risk Management & Risk Control


 * 2014 - ISC2 EMEA Congress Risk Engineering
 * 2014 - ISC2 Security Congress Atlanta Building an Agile Risk Assessment Program - Keeping Up with the Pace of Hackers

Application Security


 * 2011 - Web-Spa Single Request Authorisation Web Knocking
 * 2011 - Port Knocking Web Implementations Ideas for more ports
 * 2011 - Swiss Cyber Storm Protecting Web Applications through Port Knocking
 * 2009 - WebGoat Off-By-One Lesson WebGoat Off-By-One Lesson Remains to be Published

OWASP Life in Bullets:


 * 2010 - Bletchley Park ISSA UK Hacking for Queen and Country
 * 2010 - OWASP GitHub http://www.owasp.org/index.php/Category:OWASP_GitHub
 * 2010 - OWASP London http://www.owasp.org/index.php/London#Thursday.2C_January_14th_2010
 * Penetration Testing with Selenium
 * 2009 - OWASP Global Industry Committee http://www.owasp.org/index.php/Global_Industry_Committee
 * 2008 - OWASP NYC Conference http://video.google.com/videoplay?docid=-1551704659206071145#
 * JBroFuzz - Building a Java Fuzzer
 * 2008 - Deepsec Vienna http://2008.deepsec.net/
 * Hybrid Code Auditing: A Dataflow Source Code Review Methodology
 * 2007 - OWASP New York/New Jersey http://www.owasp.org/images/4/4e/OWASP_NY_07-Financial-Real-Time-Threats_Pavlosoglou.ppt
 * Financial Real-Time Threats: Impacting Trading Floor Operations
 * 2006 - JBroFuzz Project Leader http://lists.owasp.org/mailman/listinfo/owasp-jbrofuzz
 * JBroFuzz Mailing List

Project Involvement


 * DirBuster - http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
 * JBroFuzz - http://www.owasp.org/index.php/JBroFuzz

Contact

Yiannis Pavlosoglou yiannis@owasp.org