Difference between revisions of "Measuring Security: 5 KPIs for Successful Web App Security Programs"

From OWASP
(Created page with '== The presentation == rightModern enterprises recognize the need to test their web applications for security vulnerabilities, but few security …')
 
(added link header)
 
(2 intermediate revisions by one user not shown)
Line 1: Line 1:
 +
[[Image:468x60-banner-2010.gif|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]
 +
 +
[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
 +
<br>
 
== The presentation  ==
 
== The presentation  ==
  
[[Image:Owasp_logo_normal.jpg|right]]Modern enterprises recognize the need to test their web applications for security vulnerabilities, but few security organizations can quantify the success or failure of their programs to the business. That’s because traditional security lifecycle metrics fail to convey whether the organization is actually reducing risks. Attendees will learn how to develop organizational metrics that leverage proven QA data, in addition to security data, to form a complete picture. The session will cover five critical KPIs which demonstrate security risks associated with web applications as a function of overall software quality.  
+
[[Image:Raf_Official_HP_Headshot_Avatar.jpg|right]]Modern enterprises recognize the need to test their web applications for security vulnerabilities, but few security organizations can quantify the success or failure of their programs to the business. That’s because traditional security lifecycle metrics fail to convey whether the organization is actually reducing risks. Attendees will learn how to develop organizational metrics that leverage proven QA data, in addition to security data, to form a complete picture. The session will cover five critical KPIs which demonstrate security risks associated with web applications as a function of overall software quality.  
  
 
== Rafal Los  ==
 
== Rafal Los  ==
  
Speaker bio will be posted shortly.  
+
Rafal "Raf" Los, is a web application security  evangelist for the HP  Software & Solutions  business  at HP. Los is responsible for  bridging the gaps  between security technologies  and business  needs  to reduce enterprise risks and create embedded,  lasting  solutions on  behalf of the HP Application  Security Center group.  He has spent over 10 years  in  various facets of information  security and data  protection, building programs at  companies  ranging from startups to Fortune 50 enterprises.  Rafal is a regular speaker at security conferences including OWASP, SecTor, Defcon, CSI, and many other public and private events.  Additionally, Los  helped to  write the first release of  the Open Web Application  Security Project  (OWASP) testing  guide.
 +
 
 +
Prior to joining HP, Los led the web application  security program  and served as a  security lead at  General Electric (GE) Consumer  Finance. Los also  worked with GE Power  systems, leading security  engineering, architecture and building the web  application  security program. Before GE, Los helped  build a service-oriented  security consulting  company and was among the first 25  employees in  a successful financial-based startup,  leading  internet- facing systems and security management and  architecture.
 +
 
 +
Raf received his B.S. in Computer Information  Systems from  Concordia University, River Forest, Ill.
 +
 
 +
 
  
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]
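Review bot: the speaker bio pasted in to replace "Speaker bio will be posted shortly." carries runs of doubled spaces throughout (e.g. "security  evangelist for the HP  Software & Solutions  business"), a stray comma in "Rafal "Raf" Los, is a web application security evangelist", and a broken hyphenation in "internet- facing"; normalize the whitespace and fix those two before saving so the rendered page does not inherit them.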

Latest revision as of 23:59, 20 September 2010


Registration | Hotel | Walter E. Washington Convention Center

The presentation

Modern enterprises recognize the need to test their web applications for security vulnerabilities, but few security organizations can quantify the success or failure of their programs to the business. That’s because traditional security lifecycle metrics fail to convey whether the organization is actually reducing risks. Attendees will learn how to develop organizational metrics that leverage proven QA data, in addition to security data, to form a complete picture. The session will cover five critical KPIs which demonstrate security risks associated with web applications as a function of overall software quality.

Rafal Los

Rafal "Raf" Los is a web application security evangelist for the HP Software & Solutions business at HP. Los is responsible for bridging the gaps between security technologies and business needs to reduce enterprise risks and create embedded, lasting solutions on behalf of the HP Application Security Center group. He has spent over 10 years in various facets of information security and data protection, building programs at companies ranging from startups to Fortune 50 enterprises. Rafal is a regular speaker at security conferences including OWASP, SecTor, Defcon, CSI, and many other public and private events. Additionally, Los helped to write the first release of the Open Web Application Security Project (OWASP) testing guide.

Prior to joining HP, Los led the web application security program and served as a security lead at General Electric (GE) Consumer Finance. Los also worked with GE Power Systems, leading security engineering and architecture and building the web application security program. Before GE, Los helped build a service-oriented security consulting company and was among the first 25 employees in a successful financial-based startup, leading internet-facing systems and security management and architecture.

Raf received his B.S. in Computer Information Systems from Concordia University, River Forest, Ill.