OWASP AppSec DC 2012/Overcoming the Quality vs Quantity Problem in SoftwareSecurity Testing

The Presentation

The current state of software security poses a very serious problem when it comes to technology. Does the organization strive for more quality, or for more quantity, in uncovering critical software security defects? Unfortunately, as a result of the constraints of many security organizations' budgets and available resources, these critical components are often mutually exclusive. Organizations shouldn't have to sacrifice quality for quantity, or vice versa, in their software security programs.
While obtaining a good quantity of coverage (both inside a single application, from a static and dynamic perspective, and across the enterprise application landscape) is critical to understanding the total threat profile of an organization, the organization simply can't forego the quality aspect, because a poor test can not only provide a false statement of compliance but also create the illusion of security. So what can organizations constrained by resources, capital and knowledge do to balance quantity against quality in their software security programs?
How can people, process, and technologies be leveraged to effectively balance the quantity vs. quality scale? The speaker will address this very critical balance from a vendor-neutral, technology-agnostic perspective, giving developers, quality analysts and security testers the perspective necessary to provide an optimal balance.

The Speakers

Rafal Los

Rafal Los, Chief Security Evangelist for Hewlett-Packard Software, combines nearly 15 years of subject-matter expertise in information security with a critical business risk management perspective. From technical research to building and implementing enterprise application security programs, Rafal has a track record with organizations of diverse sizes and verticals. He is a featured speaker at events around the globe, and has presented at events produced by OWASP, ISSA, Black Hat, and SANS, among many others. He stays active in the community by writing, speaking and contributing research, representing HP in OWASP, the Cloud Security Alliance and other industry groups. His blog, Following the White Rabbit, with his unique perspective on security and risk management, has amassed a following among his industry peers, business professionals, and even the media, and can be found at

Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100 company, contributing to the global organization's security and risk-management strategy internally and externally. Rafal prides himself on being able to add a 'tint of corporate realism' to information security. Rafal received his B.S. in Computer Information Systems from Concordia University, River Forest, Ill.