OWASP AppSec DC 2012/2012 Global Security Report
The Trustwave 2012 Global Security Report highlights top data security risk areas, offering predictions on future targets based on analysis and perceived trends.
This 45-minute presentation will provide the attendee with an understanding of current threats, techniques and entertaining examples:
- Results from over 300 incident response and forensic investigations performed across 18 different countries: you can learn how to fight better if you understand history.
- Results analysis from over 2000 manual penetration tests and over 2 million network and application vulnerability scans; the results will surprise you. The attendee will better understand what SpiderLabs is seeing in the real world.
- Analysis and trends from 16 billion emails from 2008 to 2011: the results are surprising.
- Usage and weakness analysis of over 2 million business passwords: what r00t can tell you about your user base.
- Analysis of Denial of Service incidents of 2011 and an update on the OWASP HTTP POST tool and the OWASP CRS ModSecurity project.
- Analysis of almost 300,000 different digital certificates (SSL) from a scan of over 17 million Internet-facing devices, including Online Certificate Status Protocol (OCSP) usage data from our SSL infrastructure.
References to OWASP projects and methodologies will help the attendee deal with yesterday's problems, tomorrow.
Tom's colossal cave adventure started the same year as WarGames. Armed with a Televideo 802H, Commodore and Atari 8-bit machines and a set of lock-picks, the hobby moved quickly from handles to mainstream. Tom took a front-row seat on the architecture, development, administration and security of computer-controlled systems, with experiences ranging from the financial trading floor of Wall Street to the United States Marine Corps.
- OWASP Foundation, 2007-Current International Board of Directors / Chapter Leader / Project Leader
- FBI Infragard 2002-2004 Board of Directors, New Jersey – Secure Member
- American Bar Association - Science & Technology Law Committee
- ISO CS1 Ad Hoc Meeting Participant
- Marine Corps League - Member
- American Legion - Member
- IEEE - Member
- NBISE - Operational Security Testing Panel Member
Tom is the Director of Strategic Initiatives at Trustwave SpiderLabs, to clients the largest red team in the world focused on response and investigation, analysis and testing, research and development. Trustwave, with over 700 employees, is headquartered in the United States in Chicago, Ill., with offices throughout Africa, Asia, Australia, Europe, North America and South America.
A father of four children, Tom is a frequent and entertaining speaker at information security conferences on the convergence of physical and software security risks, threats and suggestions on a better approach.
Senior Vice President, SpiderLabs Trustwave
With more than 15 years of information security experience, Percoco leads the global SpiderLabs organization that has performed more than 1300 computer incident response and forensic investigations globally, run thousands of ethical hacking and application security tests for clients, and conducted bleeding-edge security research to improve Trustwave's products.
Prior to joining Trustwave, Percoco ran security consulting practices at VeriSign, and Internet Security Systems. In 2004, he drafted an application security framework that became known as the Payment Application Best Practices (PABP). In 2008, this framework was adopted as a global standard called Payment Application Data Security Standard (PA-DSS).
As a speaker, he has provided unique insight around security breaches, malware, mobile security and InfoSec trends to public (Black Hat, DEFCON, SecTor, You Sh0t the Sheriff, OWASP) and private audiences (including DHS, US-CERT, Interpol, United States Secret Service) throughout North America, South America, Europe, and Asia.
Percoco and his research have been featured by many news organizations including: The Washington Post, eWeek, PC World, CNET, Wired, Hakin9, Network World, Dark Reading, Fox News, USA Today, Forbes, Computerworld, CSO Magazine, CNN, The Times of London, NPR, Gizmodo, Fast Company, Financial Times and The Wall Street Journal.
In 2011, SC Magazine named Percoco Security Researcher of the Year. In addition, he was inducted into the inaugural class of the Illinois State University College of Applied Science and Technology Academy of Achievement.
Percoco is a member of the Dean's Advisory Board for The College of Applied Science & Technology at Illinois State University and a co-creator on the planning committee of THOTCON, a hacking and security conference held in Chicago each year. He has a Bachelor of Science in Computer Science from Illinois State University.