Presentation Title What application security tools vendors don’t want you to know and holes they will never find!

Presentation Abstract

Software and application security is a hard nut to crack. Traditional network and operating system assessment and protection tools can be taught to look for repeatable conditions with reasonable results. However (and despite heavy marketing suggesting other wise) application protection and assessment tools suffer from a significant different order of problem. In this talk John Viega and Mark Curphey will systematically discuss and demonstrate the limitations of automated protection and assessment tools using live working examples. The talk will focus on code review tools, web application scanners and web application firewalls.

About Mark Curphey

Mark Curphey is the Vice President of Consulting at Foundstone and responsible for the global services team. Recognized for his work in the software security field, Mark was the Director of Information Security at Charles Schwab (a large US based financial services company) where he was responsible for creating and managing the global application security program when software security wasn’t yet on most companies radars. Mark founded OWASP, the Open Web Application Security Project that has become a well thought of reference site for developers and system architects and recommended reading by the US Federal Trade Committee. He has a Masters Degree in Information Security from the renowned Royal Holloway, University of London where he specialized in advanced cryptography. Mark is a Microsoft MVP for developer security.

In his words “I am passionate about software security; and I am passionate about preventing this industry spinning out of control with marketing and hype. This will definitely not be your average presentation with bullet pointed slides and the same old message regurgitated! Come prepared!”

---

Note: Mark will be presenting this keynote with John Viega (Chief Security Architect, McAfee Inc.)