Marco Morana

OWASP Bio - Marco Morana serves the OWASP organization by leading the USA Cincinnati chapter. His contribution to OWASP as author include the application threat modeling methodology of the OWASP secure coding guide the introduction to the security testing methodology and value the real risk section of the OWASP security testing guide. As project reviewer, Marco contributed to review the OWASP Source Code Review Project and OWASP Security Analysis of Core J2EE Design Patterns Project. Marco has presented on the topic of software and application security at several local chapter meetings and OWASP organized conferences in USA and Italy as well as at CSI and Blackhat security conferences. Besides contributing to OWASP, Marco works as Technology Information Security Officer for a large financial organization in North America with responsibilities in the definition of the software security coding standards, management of security assessments during the SDLC, threat modeling and design reviews of web and mobile applications and training of software developers, project managers and architects on different topics related to application security. Marco's work on application and software security has been published on In-secure magazine,Secure Enterprise, ISSA Journal and the C/C++ Users journal as well as DHS Software Security Assurance and is currently co-authoring a book on Application Threat Modeling. Marco’s ideas and strategies for writing secure software are posted on his blog: http://securesoftware.blogspot.com. For requesting Marco to speak at one of the OWASP chapters or application security conferences please refer to the OWASP on the move project herein or contact Marco directly by email: [marco][dot][m][dot][morana][at][gmail][dot][com]