
Arthur Hicken 2017 Bio & Why Me?


Arthur Hicken

About Arthur: I've been working in the software industry for 25 years. I work at a company that creates tools like static analysis and unit test and participate in the SATE program as well as other industry initiatives to improve application security.

I have a blog related to software development issues that is heavy on appsec where I'm known as the Code Curmudgeon. I host there the SQLi Hall-of-Shame as well as the IoT Hall-of-Shame which are popular for tracking things that are happening in cybersecurity.

I speak frequently at conferences about cybersecurity issues, and in my "day job" I'm the corporate evangelist and I'm trying to help the industry move from a "test security in" mentality to a "build security in" engineering mentality.

Why Me?: I'm passionate about cybersecurity and I think we really need to expand outreach so more are aware, as well as correct misconceptions about doing appsec and swsec properly.

Today we've been conditioned by software vendors to think that we can test security into our applications and that static analysis's main role is to find bugs. The more proper role is to help us create code that isn't susceptible to attack in the first place. SQLi is a classic example of a vulnerability that is 100% preventable, but is still happening on a regular basis. I'd love to stamp it out.

In addition, the burgeoning internet-of-things is full of wonderful possibilities for consumers, but it is making all the same old IT mistakes about security and increasing the chances of successful cyber attacks. We need to make sure that IoT is built with security in mind so that it doesn't become the internet of evil things.