SnowFROC Abstract Peloquin
The Presentation: Building an Effective Application Security Program
It’s unanimous, Web application security has arrived!”, wrote WhiteHat Security CTO, Jeremiah Grossman, in a 12/26/2008 post to his blog. As Jeremiah points out in his post, every major report on security lists web applications as the number one attack vector. Assessments and penetration tests are essential elements of any Application Security Program, but they’re not enough. Organizations must take the next step, and insert security directly into the development lifecycle.
- Identify the pre-requisites you’re missing in your organization, and where you fall on the Application Security Scale of Maturity.
- Learn the steps involved in planning and executing an effective program.
- Learn to avoid common pitfalls.
The Speaker: Joey Peloquin
Joey Peloquin is the Director of Application Security at FishNet Security, where he’s responsible for project oversight and quality assurance, business development, and managing the team’s offerings and methodologies. He’s spent the last 9 of 15 years in I.T. specializing in Information Security, with approximately the last five specifically in Application Security. Prior to joining FishNet Security, he created the service offerings and methodology for Hewlett-Packard’s Application Security Center Professional Services Team (formerly SPI Dynamics). At HP, he managed all partner-delivered projects and was the team lead for the internal team with the responsibility of training and mentoring new consultants. Joey also spent nearly a decade with JCPenney Corporation, where he built the Application Security Program, and generated application security awareness through aggressive penetration testing policies.