Summit 2011 Attendee Bios

Back to Attendee List | Back to main Summit 2011 page

Add a bio using the page edit link; change a bio using the section edit link.

Adamski, Lucas
Lucas Adamski heads up the product security team at Mozilla, works on security architecture and features, and generally tries to make the Internet a happier and safer place. Previously, Lucas was a Security Architect at Adobe focused on Flash Player and AIR. He also worked at @stake and developed security managed services software at Breakwater Security.

Agarwal, Anurag
Anurag Agarwal, the founder of MyAppSecurity, has proven record in providing customers with solutions related to security risk management. Anurag is a former Director of Education Services at WhiteHat Security and has over 15 years of experience designing, developing, managing and securing web applications with companies like Citigroup, Cisco, HSBC Bank, and GE Medical Systems to name a few. He is an active contributor to the web application security field and has written several articles on secure design and coding for online magazines. A frequent speaker on web application security at various conferences, Anurag is actively involved with organizations such as the WASC (Web Application Security Consortium) and OWASP (Open Web Application Security Project). He started the project on Web Application Security Scanner Evaluation Criteria and is currently a project leader for OWASP developer’s guide and OWASP Common Vulnerability List.

Aguilera, Vicente
Born in Badalona (Spain), Vicente is the OWASP Spain Chapter Leader, co-founder of Internet Security Auditors and member of the Technical Advisory Board in the RedSeguridad magazine. He is an enthusiastic of the application security, a regular speaker at industry conferences and has published several articles and vulnerabilities in specialized media.

Agustini, Alexandre
I am senior lecturer and currently academic coordinator of Informatics Faculty at the Catholic University of Rio Grande do Sul (PUCRS). I have a Ph.D. in Computer Science from Universidade Nova de Lisboa (2006) and my primary research interest is in Natural Language Processing, acting on the following topics: text mining, machine learning, syntactic and semantic analysis of natural language.

Akhmad, Zaki
Born in Jakarta, Indonesia, 1982, Zaki holds a master degree from Bandung Institute of Technology, Indonesia, with major Electrical Engineering. Currently he works at indocisc, a small consultant company focus on information security, as a Junior Security Analyst. On professional certification, he had passed the CISA exam which he took on June 2010. He has lead the OWASP Indonesia Chapter since December 2008. The first translation project completed by OWASP Indonesia Chapter team is the Top 10 OWASP 2010. He enjoys very much working on information security industry. On the leisure time, Zaki loves reading, writing, listening to music and for some time taking photos. He also enjoy sports, especially running and swimming. He can be contact at za at owasp dot org.

Alamri, Lorna
Lorna is a consultant at a large financial institution and resides in Minneapolis, Minnesota, USA. She is Vice President of the Minneapolis OWASP Chapter, a member of the Global Industry Committee, Editor of the OWASP Newsletter, and a member of the Summit Planning Committee.

AlBasha, Talal
Application Development Management, Application Security Consultation (GWAPT Certified) Alremh company at ICT Incubator Product Manager at Innovaive Solutions

Riyadh,Saudi Arabia OWASP Involvement: Syria Chapter Leader Past •	Presenter for Internet Security at ITDigest •	Senior Developer at King Faisal Specialist Hospital •	Senior Developer at KFSHRC Education •	Damascus University •	SANS Summary Portal Development with J2EE technology IBM Websphere portal server, application server (with clustering) Bea Weblogic SMS, MMS and Mobile Banking projects Application Security (SANS GIAC standards, OWASP standards, (ISC)2 CSSLP standards) GWAPT Certified

Specialties: J2EE, Websphere clustering, Weblogic, JBoss, Struts, JSF SMS, MMS, Mobile Banking SMS Gateway Application Security

Angal, Rajeev
Rajeev currently works as an Architect at Oracle (Sun Microsystems) and lives in the San Francisco Bay Area, California, USA. Past •	Founder & VP Engineering at Intellifabric Inc •	Director of Technology at Infospace Inc •	Architect, Portal Server at SUN Microsystems Education •	University of California, Santa Cruz •	IIT Delhi •	Delhi Public School - R. K. Puram

Aniceto, Alexandre
Information Security Consultant, CISSP, CISM, CISA, ISO27001/LA Partner at Willway, S.A.; Lisbon Area, Portugal Past Senior Security Consultant at Glintt Security Advisor at Archeocelis, Lda Security & Systems Engineer at Nokia Siemens Networks Education Royal Holloway, U. of London , (ISC)², ISACA - Information Systems Audit and Control Association Specialties: Information Security Management Security Architecture Design & Implementation Auditing and Regulatory Compliance

Aryavalli, Gandhi
Having Honors in Engineering (CS & Mech. Engg.) enriched by MBA (finance), have been working in Information Security space for the last 10+ years in the fields of Application Security, State Assessment, Data cum Network Security, Security Governance and Compliance areas. Currently part of McAfee family for the last 5+ years, providing technical expertise and support in the performance of architecture and application risk assessments for IT developed applications and third party solutions, review of applications for security vulnerabilities, perform penetration tests and enforcing Secure QA cum Coding practices. Key achievements include providing technical support to Department of Defence to install a Common Criteria lab in India for the first time, and established Vulnerability Accessment Center as per SSE-CMM Guidelines. Providing organisation wide trainings and conducting secure code reviews, as a Secure Core Team member of McAfee. Has played a key role in Application security in various CMM companies like Microsoft (v-id), Mahindra BT..etc.

Barbato, L. Gustavo C.
Gustavo is Ph.D. (application security) and M.Sc. (intrusion detection) in Information System Security as well as Bachelor in Computer Science. He has worked in security projects for the Brazilian Government for many years involving software programming, network and systems administration, computer and network security, application and network penetration testing, software security assessments, code review, malware analysis, intrusion detection, forensics analysis and others activities. During that time, he has also worked as security professor at college and postgraduate by teaching subjects about network and information security. In the beginning, he used to work as software developer and system administrator. However, the last years were dedicated to security consulting on areas aforesaid. Nowadays, he is the Technical Application Security Lead at Dell and Secure Programming Professor at UNISINOS University. As voluntary work, he is the Porto Alegre (Brazil) OWASP Chapter Founder/Leader and member of OWASP Global Chapter Committee.

Barnett, Ryan
Ryan Barnett is a Senior Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs -the advanced security team focused on penetration testing, incident response, and application security where he focuses on web application defensive research and serves as the ModSecurity web application firewall project lead. In addition to his work at Trustwave, Ryan is also a SANS Institute certified instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams. He is also a Web Application Security Consortium (WASC) Member where he leads the Web Hacking Incidents Database (WHID) and Distributed Web Honeypots Projects, as well as, the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has also authored a Web security book for Addison/Wesley Publishing entitled Preventing Web Attacks with Apache and is a frequent speaker at industry conferences such as Blackhat and OWASP.

Baso, Sarah
Sarah is a licensed attorney living in Minneapolis, Minnesota, USA. She currently works as a teacher for at risk youth (grades 5-8) at an after school and summer kids program, in addition to volunteering at an ESL school that provides English, computer, math, and citizenship classes to immigrants and refugees. Most recently, Sarah has been involved with OWASP, providing logistical support, travel planning and wiki foo for the Global Summit and serving as the secretary for the Global Industry Committee.

Batista, Marco
Marco is a 26 year old from Portugal with a Network and Communications Engineer degree. He has worked for 2 years in Carrier Sales Support / Customer Premises Equipment (CPE) Broadband Access (xDSL, FTTH), 	and is currently taking a MSc in Information Security.

Bergling, Mattias
Mattias Bergling works as a Senior Security Consultant at 2Secure in Stockholm, Sweden. Mattias has been working with IT security for 12 years and has been focusing on security testing for the last 8 years. Mattias is the co-leader for the Swedish OWASP chapter and was on the Organizing Committee for AppSec EU 2010.

Bernik, Joe
Mr. Bernik is the Chief Information Security Officer for Fifth Third Bank, responsible for protecting Fifth Third Bank and its clients’ information systems from risks. He is also responsible for defining and implementing Enterprise-wide information security strategies for the Bank. Mr. Bernik has more than 16 years of experience as a risk professional. He has developed risk management practices, procedures and standards for several Fortune 100 companies including several global banking organizations. Prior to his role at Fifth Third Bank, Mr. Bernik served in roles including Director of Operational Risk at the Royal Bank of Scotland and Chief Information Security Officer of ABN AMRO, and its subsidiary, LaSalle Bank. Mr. Bernik received his bachelor’s degree from the University of Mary Washington in Fredericksburg, Virginia, and completed graduate work in business administration at the City University of New York. Mr. Bernik currently serves as an advisor to the Federal Reserve on matters of information security and is on the steering committee of the Financial Services Sharing and Analysis Center (FS-ISAC).

Biagiotti, Massimo
<div style=“text-align:justify”>Project Manager and Business Developer of consulting activities for network and application security analyses concerning Ethical Hacking, Secure Software Development Lyfecycle, Security Processes, Risk Analyses and Business Impact Analyses. Since 2009 is also responsible of the Internship Program of Business-e.

Bonver, Edward
<div style=“text-align:justify”>Edward Bonver is a principal software engineer on the product security team under the Office of the CTO at Symantec Corporation. In this capacity, Edward is responsible for working with software developers and quality assurance (QA) professionals across Symantec to continuously enhance the company’s software security practices through the adoption of methodologies, procedures and tools for secure coding and security testing. Within Symantec, Edward teaches secure coding and security testing classes for Symantec engineers, and also leads the company’s QA Security Task Force, which he founded. Prior to joining Symantec, Edward held software engineering and QA roles at Digital Equipment Corporation, Nbase and Zuma Networks. Edward is a Certified Information Systems Security Professional (CISSP) and a Certified Secure Software Lifecycle Professional (CSSLP). He holds a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology. Edward is a Ph.D. student at NOVA Southeastern University.

Booth, Rex
<div style=“text-align:justify”>Rex is a Senior Manager in Grant Thornton’s Public Sector practice and leads their Cybersecurity Solution group. He has over ten years of experience providing application development, risk management and information security services to government agencies, private industry, and financial institutions.

Since joining Grant Thornton, Rex has led various information security and risk management engagements including FISMA, IV&V, SOX, and OMB A-123 engagements as well as identity management and system certification and accreditation efforts. During his tenure at previous employers, Rex designed and developed complex distributed web-based applications. As a member of a managed security services team performing research and development, he co-architected and implemented a scalable information detection and prevention information aggregation solution for use in a real-time 24/7 information security monitoring system, correlating and reporting on thousands of devices. He has presented on the topic of information security and assessment methodologies to various institutions and is currently a global committee member for the Open Web Application Security Project (OWASP).

Brennan, Tom
<div style=“text-align:justify”>Brennan started with technology in 1986 when 8-bit and CP/M was cool. After a career ending injury with United States Marines Corps., during Gulf War I Era he has dedicated his life to information security. Was elected and served with the FBI Infragard program 2002-2004 and then founded the OWASP New Jersey Chapter that today includes NYC Metro. In 2007 Brennan was appointed by his application security peers to the OWASP Global Board of Directors. Tom was the managing partner of Proactive Risk that routinely assessed technology, people and process used in finance, e-commerce, oil/gas, power generation/transmission, water, and global enterprise networks before joining Trustwave Spiderlabs in 2011. A father of 4 great kids and is a frequent and entertaining speaker at information security conferences and bars around the world ;)

Brewer, Deb
<div style=“text-align:justify”>LXstudios Inc., Owner/Director Deb has provided branding, corporate identity and collateral design solutions to institutional and retail clients for over twenty years. On a Fine Arts Scholarship, she obtained a bachelor of Fine Arts in Graphic Design with a Minor in Professional Writing from Carnegie Mellon University in Pittsburgh, PA. She began her career as a Senior Designer in the Creative Services department at Thomson Financial in Boston, MA. After Thomson, Deb became a partner at Patric Ward Design in Boston, managing accounts such as Janus Institutional, Reebok, Standard & Poor’s, and Thomson Financial. In 1999, Deb opened LXstudios, providing branding, corporate identity, print collateral, advertising, web and event support to financial services, medical, technology, management consulting, mortgage/banking and retail clients.

Bristow, Mark
<div style=“text-align:justify”>Mark Bristow works as an Industrial Control Systems (ICS/SCADA) Security consultant with Securicon LLC for a US Government client. Before getting involved with ICS, Mark was heavily involved in web application vulnerability research, penetration testing and building application security programs as a consultant with SRA International. Mark is an active member of the Open Web Application Security Project (OWASP) as Global Conferences Committee Chair, AppSec DC Organizer, and Co-Chair of the OWASP DC chapter.

Brzozowski, Daniel
<div style=“text-align:justify”>Daniel is a web security enthusiast with broad knowledge in web applications development and web security. He has been working in banking and financial industry for the last few years. He is doing his Masters Degree in Artificial Intelligence at Warsaw University of Technology. He is currently working on his final master’s thesis, whose title is “Web Application Penetration Tests”. Right now he is based in London, UK and works for a worldwide financial company. His interests covers all aspects of web security, web development and public speaking. In his free time he enjoys practicing Krav Maga, listening to music and following Web Security news.

Buetler, Ivan
<div style=“text-align:justify”>Founder and CEO, Compass Security AG (since 1999) Founder of Swiss Cyber Storm Security Conference (since 2007) Founder of Hacking-Lab community site / Alias E1 (since 2006) Founder and board member of Cyber Tycoons foundation (since 2010) Board member Information Security Society Swizerland ISSS (since 2010) Member /ch/open foundation. After completing his degree in Electrical Engineering at the Technical College of Rapperswil focusing on computer science, control technology, electronics, energy engineering, and motion technology, Ivan Buetler worked for 2 years in St.Gallen at AGI Service, a company which provides services for banks. He provided plans for high-availability Unix and NT server systems including, among other things, a platform for the stock market and foreign exchange dealers based on Reuters, Bloomberg and FIMS (Telekurs). Afterwards, while working for 3r security engineering ag/Entrust Technologies, Ivan supported security consultants in technical matters, analysed clients' technical problems, local network and computer systems throughout Europe. This security work included penetration tests, security reviews, the development of secure architectures, Internet and Intranet security, as well as security solutions for e-Commerce. In particular, he was involved in the cross-certification of the Canadian Entrust PKI with Europe. During these activities he completed post-graduate studies at the Management School of St.Gallen/Zurich in Business Management.

Calderon, Juan Carlos
<div style=“text-align:justify”>Juan currently works as Application Security Research Leader/Sr Auditor at Softtek and lives in the Aguascalientes Area, Mexico. Prior to this he was a Project Leader at Softtek, as well as a Sr Application Security Auditor and Sr Web Developer at Soft tek. Juan also worked as a Web Application Security Specialist and Web Developmer at GE DDEMESIS and as the IT Manager at Gabatti. Juan received his education from the Instituto Tecnológico y de Estudios Superiores de Monterrey and the Instituto Tecnológico de Zacatecas. Juan Specializes in: Application Security, Security Source Code Review, Vulnerability assessments, security trends analysis, Penetration Testing, Secure SDLC, App Sec consultancy.

Campbell, David
<div style=“text-align:justify”>Founder and Principal Consultant, Electric Alchemy DC has been immersed in technology since elementary school. Early experiences with Microsoft Flight Simulator on an 4.77MHz 8086 IBM got him interested in computers as well as aviation. Campbell went on to become a well respected figure in the information security community as well as a FAA certificated pilot. DC joined Andersen Consulting after graduating from University and his aptitude for hacking quickly led him to the forefront of the Firm's then nascent information security practice. At Andersen, Campbell worked as a security architect for a series of high profile projects while simultaneously providing penetration testing expertise on short engagements all over the world. Since founding EA Campbell has embraced application security and mobile security and continues to be involved in the community. DC leads the Denver chapter of the Open Web Application Security Project and organizes the successful annual FROC application security conferences.

Casey, Larry
<div style=“text-align:justify”>Director of IT, OWASP.

Causey, Brad
<div style=“text-align:justify”>Brad Causey is an active member of the security and forensics community worldwide. Brad tends to focus his time on Web Application security as it applies to global and enterprise arenas. He is currently employed at a major international financial institution as a security analyst. Brad is the President of the OWASP Alabama chapter, a member of the OWASP Global Projects Committee and a contributor to the OWASP Live CD. He is also the President of the International Information Systems Forensics Association chapter in Alabama. Brad is an avid author and writer with hundreds of publications and several books. Brad currently holds certifications in the following arenas: MCSA, MCDBA, MCSE, MCT, MCP, GBLC, GGSC100, C|EH, CIFI, CCNA,IT Project Management+, Security+, A+, Network+, CISSP, CGSP.

Chalmers, Matthew
<div style=“text-align:justify”>Matthew Chalmers has been doing information security and related work his entire professional career, since earning his bachelor's degree from MST. Matt has worked for large organizations in the defense, financial and manufacturing industries including the US Navy, the National Security Agency, JPMorgan Chase and, presently, Rockwell Automation. Matt currently performs risk, threat, control and vulnerability assessments; regulatory & policy/standard compliance audits; process improvement audits; and general & application control audits. Matt holds the CISA, GSNA, GCFA, CEH and CHS certifications and is ITIL v3 Foundation certified. Matt has been involved with OWASP since about 2002 and can be reached at matthew dot chalmers at owasp dot org.

Chandra, Pravir
<div style=“text-align:justify”> Pravir Chandra is Director of Strategic Services at Fortify where he leads software security assurance programs for Fortune 500 clients in a variety of verticals. He is responsible for standing up the most comprehensive and measurably effective programs in existence today. Creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project, Pravir also works extensively with OWASP and on other open projects to promote effective application security practices. As a thought leader in the security field for over 10 years, Pravir has written many articles, whitepapers, and books and is routinely invited to speak at businesses and conferences world-wide.

Cheng, Steven
<div style=“text-align:justify”>Steven Cheng is currently the product manager for CodeSecure at Armorize Technologies, Inc. He has been with the company for more than five years spanning early from the development phase to current product management role. His job primarily involves requirement gathering and specification design. Recently the focus also shifted into development process in order to have better control of release schedule.

In the past year Steven had led the CodeSecure team to undergo a major product transformation in terms of distribution method from appliance to pure software based, and complete UI redesign. The beta version is now available for download and final release date is scheduled on 4th March.

Clarke, Justin
<div style=“text-align:justify”>Justin is a Director and Co-Founder of Gotham Digital Science, based in London. Justin has extensive international risk management, security and secure development consulting and testing experience in the United Kingdom, United States and New Zealand. He is the lead author/technical editor of "SQL Injection Attacks and Defenses" (Syngress), co-author of "Network Security Tools" (O'Reilly), and a contributor to "Network Security Assessment, 2nd Edition" (O’Reilly), as well as a speaker at various security conferences and events such as Black Hat, EuSecWest, ISACA, BruCON, OWASP, OSCON, RSA and SANS. Currently Chapter leader of the OWASP London chapter, and a member of the OWASP Connections Committee, he has a Bachelors degree in Computer Science from the University of Canterbury in New Zealand. He’s also a CISSP, CISM, CISA, CEH, and still has his MCSE if you have a Windows NT 4.0/Exchange 5.5 network.

Coates, Michael
<div style=“text-align:justify”>Michael Coates has extensive experience in application security, security code review and penetration assessments. He has conducted numerous security assessments for financial, enterprise and cellular customers worldwide. Michael holds a master's degree in Computer Security from DePaul University and a bachelor's degree in Computer Science from the University of Illinois. Michael is the creator and leader of the AppSensor project and a contributor to the 2010 OWASP Top 10. He is a frequent speaker at OWASP security conferences in the US and Europe and has also spoken at the Chicago Thotcon conference and provided security training at BlackHat. As the web security lead at Mozilla, Michael protects web applications used by millions of users each day.

Coimbra, Paulo
<div style=“text-align:justify”> Paulo has begun working for OWASP in July 2007 assuming the Spring of Code closing process. In the beginning of 2008, he has become OWASP part-time employee assuming the role of Project Manager. After completing his IELTS course, his status has changed again when in July 2008 he moved into a full-time position. He answers directly to the OWASP Board and has been working closely with the OWASP Global Projects Committee since it has been institutionalized in November 2008. A few of his OWASP’s heterogeneous contributions are as follows: •	OWASP Spring of Code 2007, •	OWASP Summer of Code 2008, •	OWASP EU Summit 2008, •	OWASP Assessment Criteria 1.0 & 2.0, •	OWASP 'Project About' Templates, •	OWASP Projects Dashboard, •	OWASP Project Reviewers Database, •	OWASP Training. Paulo Coimbra has a M.S. in Management (Technical University of Lisbon), a Post-Graduation in Political Science (University of Lisbon), and a B.S. in Management and Social Development (Portuguese Catholic University). He has worked in management since 1992. He has performed different roles, from Economist (IAPMEI/Portuguese Ministry of Economy) to Teacher of Finances, Accountancy and M&A (Polytechnic Institutes of Setúbal and Santarém), to Marketing Director and Teacher of Project Finance, Corporate Communication and Political Science (Piaget Institute).

Cornell, Dan
<div style=“text-align:justify”>Dan Cornell has over twelve years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies. Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader, member of the OWASP Global Membership Committee and co-lead of the OWASP Open Review Project. Dan has spoken at such international conferences as ROOTs in Norway and OWASP EU Summit in Portugal.

Corry, Bil
<div style=“text-align:justify”>Information Security Engineer at PayPal I have extensive experience in information security, information technology and web application development. I bring integrity and accountability to all of my projects. Beyond my technical skills, I also have experience managing people and resources, budgeting, metrics, legal issues, strategic planning, and public speaking.

Information Security: access controls, disaster recovery, network security, web application security, HIPAA, PCI, application lifecycle, penetration testing, auditing, security research and more. Information Technology: server administration, hardware/software installation/configuration, help desk/technical support, product evaluation, and more. Web Application Development: entire development cycle, from design to implementation to quality assurance to deployment. Specialties: Contributor to HTML5 (http://www.whatwg.org/specs/web-apps/current-work/multipage/acknowledgements.html#acknowledgements) Contributor to WASC Threat Classification v2 (http://projects.webappsec.org/Threat-Classification-Authors)

Cruz, Dinis
<div style=“text-align:justify”>Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development. For the past couple years Dinis has focused on the field of Static Source Code Analysis and Dynamic Website Assessments (aka penetration testing), and is the main developer of the OWASP O2 Platform which is an Open Source project that is focused on 'Automating Security Consultants Knowledge/Workflows' and 'Allowing non-security experts to access and consume Security Knowledge'. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between: the multiple WebAppSec tools, the Security consultants and the final users (from management to developers). Past industry experience include: running a small Software/Consultancy business, acting as CTO for a Portuguese University, being part of a Security Assessment team (Pentesting and Source Code Assessment) for a global Bank (ABN AMRO), taking the role of Directory of Advanced Technologies at Ounce Labs (acquired by IBM) performing Web Application security assessments on a large number of languages/technologies/frameworks and being a very active participant and enabler at OWASP.

Cruz, Sarah
<div style=“text-align:justify”>Sarah Cruz is an award winning graphic designer working in London for Lewis Moberly www.lewismoberly.com. She Is responsible for the design of such global icons as Glenmorangie whisky, Johnnie Walker director’s blend, Sport England, and the new Gatwick Airport identity. She designed the OWASP Summit '08, and the OWASP Summit 2011 identity. In 2008 she founded the charity Abundance London www.abundancelondon.com, which works with school groups to harvest surplus local fruit from city gardens and parks, and supplies it to local restaurants. English by birth, she grew up in the US. Sarah went to Choate and has a BA (hons) from Carnegie Mellon University. She can speak a bit of Portuguese. Sarah has two daughters 7 and 5 with husband Dinis Cruz.

Dawson, Isaac
<div style=“text-align:justify”>I am interested in all forms of application/network security. I mainly enjoy trying to think of unique ways of breaking applications from a business logic stand point. I have published the following papers: • Blind Buffer Overflows in ISAPI extensions: http://www.securityfocus.com/infocus/1819 - This article was released on the main page of the leading security news and information site, Security Focus in January 2005. • The Benefits of Combining Automated and Manual Penetration Testing (Japanese Only): https://www4.symantec.com/Vrt/offer?_requestid=22090&a_id=42747 – This white paper was written to aid our sales team in educating our customers as to the benefits of combining manual testing with automated tools. I felt that the Japanese market relied too heavily on tool based analysis so the paper was written to show what automated tools cannot find. Specialties: application assessments, network assessments, some reverse engineering

De Win, Bart
<div style=“text-align:justify”>Bart is a security enthusiast with an extensive academic background. He is a master in Computer Science. Afterwards, he has spent over a decade researching and improving techniques for the analysis and development of secure software, among others in the context of his Ph.D. He authored more than 60 articles published in international journals or conferences. He is specialized in methodological and constructive software security techniques, with a specific focus on application security. Because of his background, he has an in-depth knowledge of the state-of-the-art in the area. Bart currently works as a security consultant in the domain of application security. He works on a daily basis on application assessments and on helping customers improving their software security practices. Bart is one of the OWASP chapter leaders of the Belgian OWASP chapter. He co-organizes the OWASP BeNeLux events.

Deleersnyder, Seba
<div style=“text-align:justify”>Sebastien Deleersnyder (Seba), Managing Technical Consultant SAIT Zenitel. Starting up the ICT Security bussines line for SAIT Zenitel BeNeLux-France (www.saitzenitel.com). I started the Belgian OWASP Chapter in 2005, have started the OWASP Education project and participate in the global chapters committee and the Board of the OWASP Foundation. I co-organize the yearly security & hacker BruCON conference and trainings in Brussels (www.brucon.org). As security project leader and information security officer for multiple customers I have build up extensive experience in Information Security related disciplines, both at strategic and tactical level. I specialise in (Web) Application Security, combining both my broad development and information security experience.

DiPaola, Stefano
<div style=“text-align:justify”>Stefano Di Paola is the CTO and a cofounder of Minded Security, where he is responsible for Research and Development Lab. Prior to founding Minded Security, Stefano was a freelance security consultant, working for several private and public companies. He also worked in collaboration with University of Florence at the Faculty of Computer Engineering. Stefano is recognized as one of the top application security researchers. In the past years he released several advisories including the ones that are not publicly disclosed but patched and several open source tools. He has also contributed to OWASP testing guide and is also the Research & Development Director of OWASP Italian Chapter.

Donovan, Fred
<div style=“text-align:justify”>Fred is an application security researcher and the founder of Attack Logic, a U.S. based AppSec consultancy. He spent 3 years as a private researcher on campus at UNL’s Technology Park in the field of InfoSec and for the past 11 years has provided executive level IT services to public and private organizations. Application Security has been his exclusive focus for the past seven with a general focus on information warfare and the uses of counter intelligence for purposes of corporate defense. He is a regular guest lecturer and speaker at Universities, Conferences, and professional organizations. Mr. Donovan is alumni of the University of Missouri -- Columbia (Mizzou) and the American Military University (AMU).

Durkee, Ralph
<div style=“text-align:justify”>Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GCIA, GPEN is the principal security consultant and president of Durkee Consulting, Inc since 1996. Ralph founded the OWASP Rochester, NY chapter since 2004 and currently serves as a member of the OWASP Global Conferences Committee. Ralph also serves as president of the Rochester ISSA Chapter and chairs the annual Rochester Security Summit. He performs a variety of security audits and software security assessments and software development consultations for clients in the Rochester, NY area. His expertise in penetration testing, incident handling, secure software development and secure Internet and web applications is based on over 30 years of both hands-on and technical training experience. He has developed and taught a wide variety of professional security seminars including custom web application security training, and SANS SEC401 & SEC504 - Hacker Techniques and Incident Handling and CISSP bootcamp courses since 2004. Ralph regularly leads development of a wide variety of security standards such as application security, database encryption and security consulting for compliance with the Payment Card Industry Data Security Standard.

Dworakowski, Wojciech
<div style=“text-align:justify”>I am co-founder and Director at SecuRing - company specializing in security testing services, based in Krakow, Poland. During last 8 years at SecuRing, I was managing many projects in domain of security testing for leading financial companies and public organizations. Considering OWASP, I am especially interested in: •	Security testing management. •	ASVS. •	OWASP Testing Guide, etc. •	Risk assessment vs. (web) applications. •	Security development lifecycle (OpenSAMM). •	Penetration testing & code review. •	Frameworks security. OWASP Poland board member. ISMS Lead Auditor / BS7799 certified.

Elias, Wagner
<div style=“text-align:justify”>http://wagnerelias.com/  Sao Paulo Brazil Certifications: CBCP - Certified Business Continuity Professional SANS GIAC GHTQ CobiT Foundation ITIL Foundation Specialties • Application Security • Penetration Test • BCMS (Business Continuity Management System) • DRP (Disaster Recovery Plan) • ISMS (Information Security Management System) • DMS (Data Management System) • Risk Analysis & Mitigation • Pre-Sales & Customer Interface • Risk-Critical Solution Design & Deployment • Public Speaking & Writing Talents

Eng,Chris
<div style=“text-align:justify”>Chris Eng is Senior Director of Research at Veracode, where he helps define and implement the security analysis capabilities of Veracode’s service offerings. He has over 12 years of experience in information security, including senior technical positions at Symantec and @stake, where he specialized in software security assessments, penetration testing, reverse engineering, and vulnerability research while also leading the development of @stake’s WebProxy product. During this time, he advised numerous Fortune 100 companies on software security and served as a global leader for Symantec’s Attack and Penetration Center of Excellence. He began his career with the US Department of Defense working on a variety of offensive-minded infosec projects. Chris speaks regularly at top information security conferences including BlackHat, OWASP, and RSA, discussing topics such as cryptographic attacks, application security metrics, secure coding, and the SDLC. He also serves on the advisory board for the SOURCE Boston and SOURCE Barcelona security conferences. Along with experts from more than 30 US and international cyber security organizations, he helped develop the CWE/SANS Top 25 Most Dangerous Programming Errors.

Evans, Arian
<div style=“text-align:justify”>Arian Evans is the VP of Operations at WhiteHat Security. In this role, Arian leads a team of application security engineers integral to delivering the WhiteHat Sentinel SaaS-based website vulnerability management service, currently assessing over 3000 production websites around the globe, primarily in e-commerce, financial services and healthcare verticals, and including many Fortune 500 companies. Arian's team also verifies all vulnerabilities identified by WhiteHat Sentinel, a unique feature of the service. Arian has worked at the forefront of Web application security for more than 10 years. His global projects include work with the Center for InternetSecurity, NIST, the FBI, the Secret Service, and many large commercial organizations in analyzing Web application security and providing hacking incident-response. Arian also researches and discloses new attack techniques and vulnerabilities in Web application software including commercial platforms like Cisco and Nokia. Previously, Arian led the Application Security Practice at FishNet Security, working with Fortune 500 clients and delivering software security services globally. Arian is a frequent speaker at industry conferences including Black Hat, Hacker Halted, OWASP, RSA, and WASC events, and was also a contributing author for "Hacking Exposed: Web Applications."

Falkenberg, Andreas
<div style=“text-align:justify”>Student at the Chair for Network and Data Security, Ruhr University Bochum Germany. Research interests include: - Web Service Security - Web Service Attacks - XSS

Fazli Azran, Mohd
<div style=“text-align:justify”>Mohd Fazli Azran was OSS evangelist and are active use OSS from 1996. Join many OSS community and spread about OSS to public. Work as System Administrator almost 10 years and believe on OSS spirit "Sharing is Caring". Now move into Open Source Security for make awareness to public what is OSS security can do for community. Currently was Fedora Ambassador & openSUSE Ambassador. He also was CyberSafe Ambassador for Security Awareness by CyberSecurity Malaysia. He also was Secretariat for Open Source Developer Club Malaysia (OSDCMY) that organized Malaysia Open Source Conference (MOSC). Now active being OWASP Malaysia Chapter Leader.

Fedon, Giorgio
<div style=“text-align:justify”>Giorgio Fedon is the COO and a cofounder of Minded Security, where he is responsible for running daily operations of the company and managing Professional Services. Prior to founding Minded Security, Giorgio was employed as senior security consultant and penetration tester at Emaze Networks S.p.a., delivered code auditing, Forensic and Log analysis, Malware Analysis and complex Penetration Testing services to some of the most important Companies as Banks and Public Agencies in Italy. He participated as speaker in many national and international events talking mainly about web security and malware obfuscation techniques. He was also employed at IBM System & Technology Group in Dublin (Ireland).

Ferraz, Felipe
<div style=“text-align:justify”>Felipe Ferraz is PhD candidate, has a Master Degree and Post Graduation on Software Engineering with emphasis on: Software Engineering, system architectures and Information Security. Worked with computer system for the last 8 years, experience in design and develop applications both web and mobile, specially with J2ME and Android Technologies. Has been Teaching Software Security Engineering on CESAR.EDU and FBV.

Ferreira, Lucas C.
<div style=“text-align:justify”>Lucas has been a security professional for more than 15 years. He began working on network security and then security management. As he has several developers in the family, he got interested in secure development techniques. In 2008, he answer a Call for Trainings to be delivered at the first OWASP Summit and got the opportunity to go to Portugal and to know OWASP and its leaders. In 2009 he managed to put together the first AppSec Conference in South America and did it again in 2010. He is now more involved in OWASP than ever, having a seat at the Global Conferences Committee, leading the OWASP local chapter in Brasilia, DF, Brazil and leading the newborn OWASP Portuguese Project.

Fette, Ian
<div style=“text-align:justify”>Product Manager on the Google Chrome team. Responsible for ensuring the APIs we add to Google Chrome and to web standards provide a coherent development platform that meets the needs of Google's application developers and web developers at large. Experience managing large globally distributed products, currently managing a group split between N. America, Europe, and Asia. Engineer with the U.S. Government, working on large highly available database applications, with security clearance. Specialties: Product management, web standards, contract negotiations, security, phishing, malware

Fitzgerald, Alexis
<div style=“text-align:justify”>"I spent many years on the development side of the fence working on both thick client and web-based applications. That was mainly in the financial sector in Ireland and Switzerland.  In the early noughties somebody asked me if I had heard of this thing called "SQL Injection".  That was when I began the transition from poacher to gamekeeper, working on the security end of things. I continue to do a good deal of development.

My first contact with OWASP was the AppSec Europe conference at Royal Holloway outside of London in 2005. Since then I have mainly been a consumer of OWASP resources, apart from giving a few talks at various chapter meetings. My goal with OWASP is to help development teams build "enough" security into their projects and to raise general awareness about OWASP and application security. That is why I believe that outreach and education type initiatives must be key aspects in the future direction of OWASP."

Fitzhugh, Justin
<div style=“text-align:justify”>Justin Fitzhugh is the VP of Engineering Operations for the Mozilla Corporation. He's responsible for all Mozilla’s production and corporate infrastructure, including serving the Firefox product to more than 150 million users. In addition to Firefox distribution, his team designs, implements and supports the infrastructure for one of the largest open source organizations in the world. Prior to Mozilla, Justin managed Macromedia’s global datacenter environment. He spends his spare time as an avid pilot, snowboarder and father in the Bay Area.

Flores, Mauro
<div style=“text-align:justify”>I start working on security stuff at the age of 18 disassembling viruses and helping to develop AV technologies. After that I work as a developer for companies related to the financial industry where I help to develop credit card related applications, home bankings and stuff like that. Then I move to the administration phase of my life where I work as a security network administrator for the main TMT company of my country. At the same time I did security research and develop for companies on the United Kingdom and Brasil. Now I work as a security consultant in Deloitte Uruguay.

Fontes, Antonio
<div style=“text-align:justify”>A.F. has over 10 years experience in the field of software development and risk management with private organizations. Member of the OWASP Switzerland board, he leads the Geneva chapter and contributes in several reference software security projects such as the "CWE Top 25 most dangerous programing errors." Antonio currently works at L7 Sécurité, a swiss security & risk consultancy company he founded in 2010. His work strongly emphasizes on helping organizations better understand Internet threats and manage their risks

Fort, Julio Cesar
<div style=“text-align:justify”>As you can see, my name is Julio Cesar Fort, 24, yet another guy living in Recife, Pernambuco, a very beautiful state located in northeast of Brazil. Currently I am an undergraduate student of Computer Engineering at CIn/UFPE (Pernambuco Federal University) and former undergraduate student in Mechanics Engineering at the same university. I also have a parallel activity as self-proclaimed (haha) editor-in-chief of The Bug! Magazine, the only active hacking-related e-zine in Brazil nowadays. By the second half of 2005 and early 2006 I was a schoolarship holder of CNPq and acted as intern at C.E.S.A.R. learning secure coding techniques in C. I confess I had a great time there but I could have learned much more. After my time in C.E.S.A.R. was over, I worked, also as intern, in coadmin team at Tempest Technologies, a very nice market-leading company Brazilian information security industry. Tempest was nice because, it doesn't sell fear and lies like other companies that make this industry so filthy. I asked to leave the company because I had no time to study and my grades were dropping as hell. By the way, Recife is also a brazilian technological pole. Cases like Porto Digital and C.E.S.A.R. are the living proof of it. Because of these initiactives we have now based in Recife major companies such as Motorola, Intel, Samsung, LG Electronics, Nokia research institute and even Microsoft.

Fortuna, Pedro
<div style=“text-align:justify”>He is a co-founder and CTO of AuditMark where he coordinates the R&D. AuditMark is a web-security start-up focused on two main areas: web traffic auditing and website protection. AuditMark already launched a Javascript obfuscation service called JScrambler. Holds a degree in Computing Engineering and a MSc in Computer Networks. Extensive knowledge and professional experience in R&D projects and software development, both at academic and industrial levels. Teached at the Faculty of Engineering of the University of Porto, and also gave training in computer security. Currently, teaches Networks and Computer Security at the Engineering School of the Polytechnic Institute of Porto. He is also a member of INESC Porto L.A., a National R&D Laboratory, where he is working towards his PhD.

Frosch,Tilman
<div style=“text-align:justify”>Tilman Frosch works as a researcher for the Horst Görtz Institute for IT-Security at Ruhr University Bochum, Germany. He is interested in everything that leverages the browser to compromise the system. In his spare time he stares at passive-DNS data and Ruby code. In the time left he creates noises from various instruments or spends said time outdoors.

Galvao, Pedro
<div style=“text-align:justify”>I have a five years degree in Information System and Computer Engineering (IST - Technical University of Lisbon), being a Oracle OCP (Oracle Certified Professional), about 7 years of experience as Oracle DBA and about 14 years of IT experience. Besides this, through my professional career, I had been in several roles such as Trainer, Systems Administrator, Project Manager, and as a Programmer.

Gao, Helen
<div style=“text-align:justify”>Helen Gao has worked in the field of information security since 1991. She has worked as an application developer, manager as well as a software architect. Her employment history includes a financial institution, a market research company, a high-tech device manufacturer and a software company. Helen is a senior architect in TIBCO Software Inc. Her job duties include designing and developing complex event processing software. Protect information security in such systems is challenging because of their strict performance requirements in terms of high event throughput and low processing latency. Helen welcomes the challenge and uses the knowledge she obtained from OWASP to manage the life cycle of projects. |Helen has taught math, physics and computer science in colleges in both United States and China. Helen graduated from Sun Yat-sen University in China. She continued her studies of physics and computer science after she came to the United States. Helen has masters degrees in both physics and computer science. Helen founded the Long Island OWASP chapter in 2006. Besides volunteering for OWASP, she serves as the president of Sun Yat-sun University Alumni Association. Helen helped found the Long Island Chinese School.

Garrancho, Bruno
<div style=“text-align:justify”>Information security professional with global experience in diverse environments. I hold a Msc in Information Technology - Information Security by Carnegie Mellon University. I’m currently the Security Practice Leader of Professinal Services & Innovation for Logica Iberia.

Garg, Vishal
<div style=“text-align:justify”>Vishal Garg is the Founder and Principal Security Consultant for AppSecure Labs Limited, a UK based company offering application security and penetration testing services. He specialises in conducting network and application security reviews, design reviews, and vulnerability research and analysis for web-based applications, cloud-based systems and COTS applications. In his 12-year career, he has offered software development and expert security advice to several recognised Fortune 500 and FTSE 100 companies including international financial institutions, retailers and multinationals. He has a masters degree in Information Security from Royal Holloway, University of London and is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA) and currently the project leader for the OWASP Development Guide.

Gomes, Leandro Resende
<div style=“text-align:justify”>Leandro Resende Gomes lives in Brasília, capital of Brazil. He works at SERPRO, Brazilian Federal Data Processing Service, organization that creates and maintains huge computer systems for critical public companies. Leandro works on a security development group, responsible to address corporative security aspects during the SDLC. This group was created in 2006, and they discovered OWASP on that same year. The main contribution to OWASP was the translation of ASVS and QuickRef Guide. The work of this group includes the dissemination of technical orientation, source code analysis and pen testing coordination and definition of security components/frameworks to be adopted. The last events Leandro participated was BlackHat 2009 conference in Las Vegas, OWASP AppSec 2009 and ICCyber 2010, Brazil. He wrote an article about "Securing web applications with fuzzing tests" for a SERPRO internal conference.

Gondrom,Tobias
<div style=“text-align:justify”>Tobias Gondrom is Managing Director of an IT Security & Risk Management Advisory based in the United Kingdom and Germany. He has twelve years of experience in software development, application security, cryptography, electronic signatures and global standardisation organisations working for independent software vendors and large global corporations in the financial, technology and government sector, in America, EMEA and APAC. As the Global Head of the Security Team at Open Text (2005-2007) and from 2000-2004 as the lead of the Security Task Force at IXOS Software AG, he was responsible for security, risk and incident management and introduced and implemented a secure SDLC used globally by development departments in the US, Canada, UK, Germany, and India. Since 2003 he is the chair of the IETF working group „LTANS“ in the security area, member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF, and a former chapter lead of the German OWASP chapter from 2007 to 2008. Tobias is the author of the international standard RFC 4998 (Evidence Record Syntax) and co-author and contributor to a number of internet standards and papers on security and electronic signatures, as well as the co-author of the book „Secure Electronic Archiving“ (ISBN 3-87081-427-6), and frequent presenter at conferences and publication of articles (e.g. ISSE, Moderner Staat, IETF, VOI-booklet “Electronic Signature“, iX).

Greene,Collin
<div style=“text-align:justify”>Security Engineer at Facebook. Development. Security. Security Development. Recently focusing on building static and dynamic analysis tools and getting them used within an organization.

Hansen, Robert
<div style=“text-align:justify”>Communications and Cable & Wireless in varying roles from Sr. Security Architect and eventually product managing many of the managed security services product lines. He also worked at eBay as a Sr. Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-DHTML malware and anti-virus strategies. Later he worked as a director of product management for Realtor.com. Robert sits on the advisory board for the Intrepidus Group, previously sat on the technical advisory board of ClickForensics and currently contributes to the security strategy of several startup companies. Mr. Hansen wrote Detecting Malice authors content on O'Reilly and co-authored "XSS Exploits" by Syngress publishing. He sits on the NIST.gov Software Assurance Metrics and Tool Evaluation group focusing on web application security scanners and the Web Application Security Scanners Evaluation Criteria (WASC-WASSEC) group. He also has briefed the DoD at the Pentagon and speaks at SourceBoston, Secure360, GFIRST/US-CERT, CSI, Toorcon, APWG, ISSA, TRISC, World OWASP/WASC conferences, SANS, Microsoft's Bluehat, Blackhat, DefCon, SecTor, BSides, Networld+Interop, and has been the keynote speaker at the New York Cyber Security Conference, NITES, OWASP Appsec Asia and OWASP Appsec Brazil. Mr. Hansen is a member of Infragard, West Austin Rotary, WASC, IACSP, APWG, contributed to the OWASP 2.0 guide and is on the OWASP Connections Committee.

Hartmann, Kate
<div style=“text-align:justify”>Operations Director at OWASP

Heiderich, Mario
<div style=“text-align:justify”>Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft. Mario invoked the HTML5 security cheat-sheet and maintains the PHPIDS filter rules. In his spare time he delivers trainings and security consultancy for larger German and international companies. He is also one of the co-authors of Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' – a book on how an attacker would bypass different types of security controls including IDS/IPS.

Heyes, Gareth
<div style=“text-align:justify”>Gareth "Gaz" Heyes calls himself Chief Conspiracy theorist and is affiliated with Microsoft. He is the designer and developer behind JSReg – a Javascript sandbox which converts code using regular expressions; HTMLReg & CSSReg – converters of malicious HTML/CSS into a safe form of HTML. He is also one of the co-authors of Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-' – a book on how an attacker would bypass different types of security controls including IDS/IPS.

Hinojosa, Kuai
<div style=“text-align:justify”>Enter bio here.

Hodges, Jeff
<div style=“text-align:justify”>Jeff Hodges is a practicing Security Engineer and Protocol Architect, working at PayPal in the areas of web security, identity, and distributed infrastructure. His interests lie in the areas of web security as well as the nature of "online identity" and its realization via composition of authentication, security, directory, and other technologies. He participates in various IETF working groups including those whose topics involve HTTP, TLS/SSL, and those that touch upon security/identity. He also participates in various other Internet-based fora, e.g. Internet Identity Workshop (IIW), OASIS (SSTC/SAML committee), Kantara, Identity Commons, etc. In the recent past, he contributed to the Liberty Alliance effort as an editor and co-author of several of the Liberty ID-WSF and ID-FF protocol specifications. Earlier, he served as co-chair of the OASIS Security Services Technical Committee (SSTC/SAML), shepherding and contributing to the development of SAMLv1.0, as well as subsequently contributing to v1.1 and v2.0. His prior work has included contributions to the design of the LDAPv3 directory access protocol (in the areas of authentication and security), as well as contributing to the design and deployment of Stanford University's SUNet ID and Registry/Directory infrastructure. He's held architecture, engineering, and management positions at NeuStar, Sun Microsystems, Oblix, Stanford University, and Xerox.

Hoff, Jerry
<div style=“text-align:justify”>Jerry Hoff is a Senior Application Security Engineer at Aspect Security. Jerry has led and performed numerous application security code reviews for clients across multiple industries. Jerry also provides training services for clients, and has over 10 years teaching and development experience. Jerry is also involved in the Open Web Application Security Project (OWASP) and was the lead developer of AntiSamy.net project. He has a master's degree in Computer Science from Washington University in St. Louis.

Hoffman, Achim
<div style=“text-align:justify”>"some" Security .. It's difficult to describe my knowledge in the security world without being subjective, hence replace some by whatever your feel happy with. The official title on the v-card will be senior security and network consultant, which means something too. (Short) CV I'm doing software development since early '80s, used to networking all the time, and focused on web application security starting this millenium. Meanwhile I've seen coming, have evaluated, have configured and used, and have seen disappearing a lot of WAFs and web application security scanners. Founded sic[!]sec GmbH in 2010. OWASP Activities •	Participating in the German Chapter, German Chapter Board Member •	Project leader, maintainer, developer of OWASP EnDe Project •	Reviewer on some other OWASP projects (SoC 2008) •	CAL9000 (added some en-/decoding and request/response functionality; 2006) •	OWASP papers: o	Best Practices: WAF o	Best Practice: Projektierung der Sicherheitsprüfung von Webanwendungen Public Papers / Work •	HTTP State Management Mechanism (Cookie) current httpstate working group (contributor 2009/2010) •	Best Practice: Projektierung der Sicherheitsprüfung von Webanwendungen (author 2009) •	Web Application Security Threat Classification v2 (contributor 2008/2009/2010) •	Best Practices: Einsatz von Web Application Firewalls (co-author, 2008) •	Sicherheit von Webanwendungen: BSI-Maßnahmenkatalog und Best Practices (author, 2005/2006) •	Web Application Firewall Evaluation Criteria (contributor, 2005) •	Web Application Security Threat Classification v1 (contributor and German translation, 2004/2005)

Hofmann, Chris
<div style=“text-align:justify”>As Director of Engineering and then Special Projects at the Mozilla Foundation and Corporation since 2003, Chris Hofmann has spearheaded the research and development work of thousands of open source contributors around the world. A Netscape employee before joining Mozilla, Chris contributed to every Netscape and Mozilla browser release since 1996. As the first employee at the Mozilla Foundation in August 2003, Chris led a small but devoted team of the original ten engineers that established the Mozilla Foundation as an independent and self-sustaining organization. In 2004, Chris managed and executed the first worldwide release of Mozilla Firefox 1.0. Firefox 1.0 helped to fulfill the Mozilla Foundation’s goal of supporting open Web standards and provide innovation and choice for Internet client software and set Firefox on a path to remarkable market share growth over the last several years. Chris now helps to build and strengthen Mozilla communities around the world. These contributors and communities are involved with localization of Firefox in to over 70 languages, extend Firefox with Addons, and provide support to Firefox users. He engages with security researchers to help improve browser security and manages Mozilla's Security Bug Bounty Program. He is also interested in engaging, helping, and promoting the work done in companies and large institutions to deploy Firefox use and Mozilla technology.

Hogben, Giles
<div style=“text-align:justify”>Dr Giles Hogben is programme manager for secure services at the European Network and Information Security Agency in Greece. He has led numerous studies on Network and Information security, including on topics such as Smartphone security, Cloud computing, Social Network security and European Identity card privacy. Before joining ENISA, he was a researcher at the Joint Research Centre in Ispra, Italy and led work on private credentials. He has a PhD in Computer Science from Gdansk University of Technology in Poland and graduated from Oxford University, UK in 1994 in Physics and Philosophy.

Ichnowski, Jeff
<div style=“text-align:justify”>Principal Architect at SuccessFactors

Jimenez, Juan Jose Rider
<div style=“text-align:justify”>CEO at WUL4, Spain • Finantial industry: designer of computer solutions(ecommerce, PCI-DSS, etc) • Healthcare system architect: ChipCard (https://www.chipcard-salud.es/) • SOA-related technologies expert • Web Services expert • High-performance required application architect • J2EE related-technologies expert • IBM Websphere expert • Payment methods and protocols, ecommerce, Internet, 3D-Secure, 3DSET, SPA/UCAF, etc • JSF, RichFaces, Ajax • Team Leadership. • Business Development. Specialties: E-Invoice expert(facturae, etc), PCI-DSS, Security for Web Applications, Web Services, e-commerce, SOA, J2EE,...

Jorge, Eduardo
<div style=“text-align:justify”>Enter bio here.

Kang, Abraham
<div style=“text-align:justify”>Work for financial institution in their code review group Have been working on application security issues for over 8 years (focused on security code review for last 3+ years). Published articles related to enterprise application integration, scalability, and security. Been recently focused on XSS remediation and DOM based XSS. Also interested in Unicode exploits and filter bypassing using character set mismatches. Recently contributed the candidate chapter for Output Encoding for the Web App Security Guide 3.0. Looking to contribute more to XSS, AJAX security, Unicode content on the OWASP site.

Keary, Eoin
<div style=“text-align:justify”>Eoin is a senior manager with Ernst & Young Risk Advisory Services responsible for Attack and Penetration services for EMEIA. He is a member of the Global Board of OWASP, the founder of the Irish chapter of OWASP and also editor/lead of the published OWASP Code Review (2007/2008) and Testing (V2.0) Guides 2007. He specializes in global large scale penetration testing services. He is also a coordinator for OWASP EU 2011 (to be held in June 2011) and previously organized OWASP Ireland 2009 & 2010

Knobloch, Martin
<div style=“text-align:justify”>Martin Knobloch is a independent Security Consultant at http://www.pervasec.nl. In his previous employment at Sogeti Netherlands B.V., Martin founded and lead the Information security task-force PaSS (Proactive Security Strategy) addressing organization, infrastructure and software. Martin is member of the OWASP Netherlands Chapter Board and Chair of the Global Education Committee. He is leading and contributing to various OWASP Project and is member of the OWASP Summit organization team.

Kosturjak, Vlatko
<div style=“text-align:justify”>Vlatko Kosturjak is security consultant delivering his services in Europe, Middle East and Africa (EMEA) region. He holds multiple certs like PCI QSA, CISSP, CISA, C|EH, LPIC-3... He likes to contribute to open source (security) software and you can find his code in snort, OpenVAS, Nmap, Metasploit and w3af. He is OWASP Croatia chapter leader and OWASP favicon project leader.

Koussa, Sherif
<div style=“text-align:justify”>Sherif Koussa is an application security independent consultant. Founder and Leader of OWASP Ottawa since 2006. Founder and principal consultant for Software Secured; an application security boutique shop.

Kuivenhoven, Marinus
<div style=“text-align:justify”>Enter bio here.

Kumar, Nishi
<div style=“text-align:justify”>Enter bio here.

Li, Jason
<div style=“text-align:justify”>Enter bio here.

Lindsay, David
<div style=“text-align:justify”>Enter bio here.

Long, Jeremy
<div style=“text-align:justify”>Enter bio here.

Loureiro, Nuno
<div style=“text-align:justify”>Enter bio here.

Luptak, Pavol
<div style=“text-align:justify”>Enter bio here.

Lyon, Chris
<div style=“text-align:justify”>Enter bio here.

Manico, Jim
<div style=“text-align:justify”>Enter bio here.

Maor, Ofer
<div style=“text-align:justify”>Enter bio here.

Mancini, Lucilla
<div style=“text-align:justify”>Enter bio here.

Martinez, Mateo
<div style=“text-align:justify”>Enter bio here.

Martorella, Christian
<div style=“text-align:justify”>Enter bio here.

Matatall, Neil
<div style=“text-align:justify”>Enter bio here.

McGeehan, Ryan
<div style=“text-align:justify”>Enter bio here.

Melo, Ricardo
<div style=“text-align:justify”>Enter bio here.

Mendo, Tiago
<div style=“text-align:justify”>Enter bio here.

Meucci, Matteo
<div style=“text-align:justify”>Enter bio here.

Nagra, Jasvir
<div style=“text-align:justify”>Enter bio here.

Neaves, Tom
<div style=“text-align:justify”>Enter bio here.

Paiva, Sandra
<div style=“text-align:justify”>Enter bio here.

Pegorelli, Marta
<div style=“text-align:justify”>Enter bio here.

Perego, Paolo
<div style=“text-align:justify”>Enter bio here.

Potjes, Linda
<div style=“text-align:justify”>Enter bio here.

Reinhart, Ralf
<div style=“text-align:justify”>Enter bio here.

Richler, Heiko
<div style=“text-align:justify”>Enter bio here.

Rohr, Mathias
<div style=“text-align:justify”>Enter bio here.

Ross, David
<div style=“text-align:justify”>Enter bio here.

Roth-Mandutz, Elke
<div style=“text-align:justify”> I am working as research assistant at the Georg-Simon-Ohm University of Applied Sciences in Nuremberg, Germany. The research project started in September 2010 with the objection to detect and evaluate the privacy impact of web-sites based on client-side analysis. The privacy impact should be made user visible.

Prior to the research project, I worked for many years in the mobile communication sector, mostly as system engineer for GSM and UMTS infrastructure.

Saario, Mikko
<div style=“text-align:justify”>Enter bio here.

Samuel, Michael
<div style=“text-align:justify”>Enter bio here.

Schmidt, Chris
<div style=“text-align:justify”>Enter bio here.

Schuh, Justin
<div style=“text-align:justify”>Enter bio here.

Schwartz, Stephen
<div style=“text-align:justify”>Enter bio here.

Searle, Justin
<div style=“text-align:justify”>Enter bio here.

Secker, Tanya
<div style=“text-align:justify”>Enter bio here.

Serrao, Carlos
<div style=“text-align:justify”>Enter bio here.

Stasinopoulos, Anastasios
<div style=“text-align:justify”>Enter bio here.

Sterne, Brandon
<div style=“text-align:justify”>Enter bio here.

Steven, John
<div style=“text-align:justify”>Enter bio here.

Su, Cecil
<div style=“text-align:justify”>Enter bio here.

Tasar, Vehbi
<div style=“text-align:justify”>Enter bio here.

Taylor, Jason
<div style=“text-align:justify”>Enter bio here.

Tesauro, Matt
<div style=“text-align:justify”>Enter bio here.

Thomas, Mark
<div style=“text-align:justify”>Enter bio here.

Tomhave, Benjamin
<div style=“text-align:justify”>Enter bio here.

Turpin, Keith
<div style=“text-align:justify”>Enter bio here.

Tusha, Ervis
<div style=“text-align:justify”>Enter bio here.

UcedaVelez, Tony
<div style=“text-align:justify”>Enter bio here.

Uhley, Peleus
<div style=“text-align:justify”>Enter bio here.

van der Baan, Steven
<div style=“text-align:justify”>Enter bio here.

Vasilopoulos, Kyprianos
<div style=“text-align:justify”>Enter bio here.

Vela, Eduardo
<div style=“text-align:justify”>Enter bio here.

Vilares Da Silva, Luis
<div style=“text-align:justify”>Enter bio here.

Vlachos, Vasileios
<div style=“text-align:justify”>Enter bio here.

Watson, Colin
<div style=“text-align:justify”>Enter bio here.

Weston, David
<div style=“text-align:justify”>Enter bio here.

Wichers, Dave
<div style=“text-align:justify”>Enter bio here.

Wilander, John
<div style=“text-align:justify”>Enter bio here.

Williams, Jeff
<div style=“text-align:justify”>Enter bio here.

Wilson, Doug
<div style=“text-align:justify”>Enter bio here.

Wysopal, Chris
<div style=“text-align:justify”>Enter bio here.

Yeo, John
<div style=“text-align:justify”>Enter bio here.

Zusman, Mike
<div style=“text-align:justify”>Enter bio here.