Difference between revisions of "OWASP ESAPI AppSecDC"

From OWASP
Jump to: navigation, search
(The presentation)
(The speaker)
Line 5: Line 5:
  
 
== The speaker ==
 
== The speaker ==
Jeff has specialized in information security since 1989 and has published numerous papers focused on practical risk and assurance techniques. Jeff has been writing code for 25 years in many different environments but has focused primarily on Java and J2EE security for the past 10 years. Jeff is a primary author of the OWASP Top 10 Web Application Security Vulnerabilities and the OWASP Secure Software Development Contract Annex, and he leads several OWASP projects. He also chaired the group responsible for creating ISO 21827, the Systems Security Engineering Capability Maturity Model (SSE-CMM).
+
Jeff Williams is the founder and CEO of Aspect Security, specializing exclusively in application security risk management services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP). Jeff has made extensive contributions to the application security community through OWASP, including the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, Risk Rating Methodology, several smaller security tools, and the worldwide local chapters program. Jeff has degrees in psychology, computer science, and human factors, and law.
 +
 
 +
Jeff has been training developers, architects, managers, and security specialists since 1994. He’s a trained facilitator and ran the SSE-CMM Author Group for several years. He’s spoken at many security conferences and participated in many panels, occasionally serving as moderator.  
  
 
[[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]]
 
[[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]]

Revision as of 14:13, 4 August 2009

The presentation

Owasp logo normal.jpg

In an enterprise with hundreds or thousands of applications, securing one at a time is too expensive and takes too long. The goal of this session is to identify the strategies that most cost-effectively reduce risk over time. How do we craft an effective application security program using a combination of tools, standard controls, consultants, in-house teams, testers and auditors, and training. How can we manage the cost and risk over time – what metrics have proven to be effective in practice?

The speaker

Jeff Williams is the founder and CEO of Aspect Security, specializing exclusively in application security risk management services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP). Jeff has made extensive contributions to the application security community through OWASP, including the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, Risk Rating Methodology, several smaller security tools, and the worldwide local chapters program. Jeff has degrees in psychology, computer science, and human factors, and law.

Jeff has been training developers, architects, managers, and security specialists since 1994. He’s a trained facilitator and ran the SSE-CMM Author Group for several years. He’s spoken at many security conferences and participated in many panels, occasionally serving as moderator.