Marco Morana

Revision as of 17:31, 22 August 2009 by Marco-cincy (Talk | contribs)

Jump to: navigation, search

Marco Morana serves the OWASP organization by leading the USA Cincinnati chapter and by contributing writing the application threat modeling methodology of the OWASP secure coding guide and the introduction to the security testing methodology and value the real risk section of the OWASP security testing guide. Marco has been also one of the reviewers of the OWASP Source Code Review Project and is currently reviewing OWASP Security Analysis of Core J2EE Design Patterns Project. Marco has presented on the topic of software and application security at several OWASP organized conferences in USA and overseas as well as at CSI and Blackhat. Besides contributing to OWASP, Marco works as Technology Information Security Officer for a large financial organization in North America with responsibilities in the definition of the software security coding standards, management of security assessments during the SDLC, threat modeling and design reviews of web and mobile applications and training of software developers, project managers and architects on different topics related to application security. Marco research work on application and software security is widely published on several magazines such as In-secure magazine,Secure Enterprise, ISSA Journal and the C/C++ Users journal. Marco's work is referred in DHS Software Security Assurance. Marco is the co-author of the book on Application Threat Modeling to be published by Wiley Publishers in Q2 2010. Marco’s ideas and strategies for writing secure software are posted on his blog: and can be contacted by email at [marco][dot][m][dot][morana][at][gmail][dot][com]