
FROC2010 Abstract Whaley


The Presentation: "Effectively marketing security as a win for both the business and the customer"

Despite heavily publicized security breaches and expansive industry regulations, security issues in modern web applications are often secondary to feature enhancements and customer service requests. Capturing developer and management attention is more a marketing problem than a technical discussion. If only security could be promoted as a feature for the customer, a direct avenue to new sales, perhaps the business would sit up and pay attention. Jeff Smith and Ben Whaley, senior resources at Rally Software and Applied Trust, respectively, developed an architectural security model for a large-scale next-generation web application. Focusing on modern development practices for a Java and Oracle-based stack, the model captures security considerations within each module of the application. The security tenets were categorized and presented in an aesthetically pleasing infographic format for consumption by developers, management and customers alike. As the application matures and grows, the model is updated to include new modules and the associated security requirements. The net result for Rally Software is a security-conscious development team, engaged management, and easy answers to tough security questions from risk-averse customers.

The Speakers: Ben Whaley and Jeff Smith

Ben Whaley

Ben Whaley is the Director of Enterprise Architecture at AppliedTrust, focusing on enterprise architecture, application security, UNIX and Linux systems, and performance tuning. Ben is a co-author of the UNIX and Linux System Administration Handbook, 4th edition, and has contributed articles to (IN)SECURE Magazine and He has worked extensively in the health care, government, and private sectors. Ben holds a B.S. in Computer Science from CU Boulder, and is a PCI Qualified Security Assessor, CISSP, and RHCE.

Jeff Smith

Jeff is a Development Manager at Rally Software and has been developing software using agile methods for 10 years. Jeff has been developing software for the web since 1995 and has specialized in Java/J2EE systems for most of that time. Jeff holds a B.S. in Computer Information Systems from Indiana University.
