
OWASP AppSec DC 2012/2012 Global Security Report


The Presentation

The Trustwave 2012 Global Security Report highlights top data security risk areas, offering predictions on future targets based on analysis and perceived trends.
This 45-minute presentation will give the attendee an understanding of current threats and techniques, with entertaining examples:
- Results from over 300 incident response and forensic investigations performed across 18 different countries: you can learn how to fight better if you understand history.
- Analysis of results from over 2000 manual penetration tests and over 2 million network and application vulnerability scans; the results will surprise you. Attendees will better understand what SpiderLabs is seeing in the real world.
- Analysis and trends from 16 billion emails from 2008 to 2011: the results are surprising.
- Usage and weakness analysis of over 2 million business passwords: what r00t can tell you about your user base.
- Analysis of Denial of Service incidents of 2011 and an update on the OWASP HTTP Post Tool and the OWASP CRS Mod_Security project.
- Analysis of almost 300,000 different digital certificates (SSL) from a scan of over 17 million Internet-facing devices, including Online Certificate Status Protocol (OCSP) usage data from our SSL infrastructure.
- References to OWASP projects and methodologies to help the attendee deal with yesterday's problems, tomorrow.

The Speakers

Tom Brennan


Tom's colossal cave adventure started the same year as WarGames. Armed with a Televideo 802H, Commodore and Atari 8-bit machines and a set of lock-picks, the hobby moved quickly from handles to mainstream. Tom took a front row seat on the architecture, development, administration and security of computer-controlled systems, with experiences ranging from the financial trading floor of Wall Street to the United States Marine Corps.


- OWASP Foundation, 2007-Current International Board of Directors / Chapter Leader / Project Leader

- FBI Infragard 2002-2004 Board of Directors, New Jersey – Secure Member

- American Bar Association - Science & Technology Law Committee

- ISO CS1 Ad Hoc Meeting Participant

- Marine Corps League - Member

- American Legion - Member

- IEEE - Member

- NBISE - Operational Security Testing Panel Member

Tom is the Director of Strategic Initiatives at Trustwave SpiderLabs, to clients the largest red team in the world, focused on response and investigation, analysis and testing, research and development. Trustwave, with over 700 employees, is headquartered in the United States in Chicago, Ill., with offices throughout Africa, Asia, Australia, Europe, North America and South America.

A father of four children, Tom is a frequent and entertaining speaker at information security conferences on the convergence of physical and software security risks, threats and suggestions on a better approach.

To follow the daily antics of Tom on Twitter - Click Here, LinkedIn Profile or call 973-202-0122.

Nick Percoco

Nicholas J. Percoco

Senior Vice President, SpiderLabs Trustwave

With more than 15 years of information security experience, Percoco leads the global SpiderLabs organization, which has performed more than 1300 computer incident response and forensic investigations globally, run thousands of ethical hacking and application security tests for clients, and conducted bleeding-edge security research to improve Trustwave's products.

Prior to joining Trustwave, Percoco ran security consulting practices at VeriSign, and Internet Security Systems. In 2004, he drafted an application security framework that became known as the Payment Application Best Practices (PABP). In 2008, this framework was adopted as a global standard called Payment Application Data Security Standard (PA-DSS).

As a speaker, he has provided unique insight around security breaches, malware, mobile security and InfoSec trends to public (Black Hat, DEFCON, SecTor, You Sh0t the Sheriff, OWASP) and private audiences (including DHS, US-CERT, Interpol, United States Secret Service) throughout North America, South America, Europe, and Asia.

Percoco and his research have been featured by many news organizations including: The Washington Post, eWeek, PC World, CNET, Wired, Hakin9, Network World, Dark Reading, Fox News, USA Today, Forbes, Computerworld, CSO Magazine, CNN, The Times of London, NPR, Gizmodo, Fast Company, Financial Times and The Wall Street Journal.

In 2011, SC Magazine named Percoco Security Researcher of the Year. In addition, he was inducted into the inaugural class of the Illinois State University College of Applied Science and Technology Academy of Achievement.

Percoco is a member of the Dean's Advisory Board for The College of Applied Science & Technology at Illinois State University and a co-creator on the planning committee of THOTCON, a hacking and security conference held in Chicago each year. He has a Bachelor of Science in Computer Science from Illinois State University.
