Difference between revisions of "The Big Picture: Web Risks and Assessments Beyond Scanning"

From OWASP
Jump to: navigation, search
(The speaker)
 
Line 4: Line 4:
  
 
== The speaker ==
 
== The speaker ==
Matt Fisher's Bio
+
Matthew Fisher was the first Security Engineer hired by an industry leading application security company that was acquired by Hewlett-Packard in 2007.  Shortly thereafter he left HP to form Piscis; an emergent boutique of veterans focused squarely on the art and science of application security.  As a pioneer and industry leader, Matt has several original vulnerabilities, exploit and testing techniques to his name, and is an accomplished writer and speaker, having presented at ShmooCon, ToorCon, Gartner, CSI, ReBl, DoD Cybercrime, and many others.  He can be contacted at info @ Piscis-security.com
  
 
[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]
 
[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]

Latest revision as of 22:09, 19 August 2009

The presentation

Owasp logo normal.jpg
This talk is an unabashed look at the role and limitations of automated technologies in a complete web risk assessment by an industry pioneer and veteran. Whereas once a good web scanner could be thought of at the sum total of a strong web application security program, now it's only the beginning. We will look at a broader picture of web risks and their associated threats, and what assessment techniques and technologies can be applied to them.

The speaker

Matthew Fisher was the first Security Engineer hired by an industry leading application security company that was acquired by Hewlett-Packard in 2007.  Shortly thereafter he left HP to form Piscis; an emergent boutique of veterans focused squarely on the art and science of application security.  As a pioneer and industry leader, Matt has several original vulnerabilities, exploit and testing techniques to his name, and is an accomplished writer and speaker, having presented at ShmooCon, ToorCon, Gartner, CSI, ReBl, DoD Cybercrime, and many others.  He can be contacted at info @ Piscis-security.com