Pen-Test Panel

Registration | Hotel | Walter E. Washington Convention Center

The Panel

  • Matthew Fisher, Piscis Security (moderator)
  • Kevin Johnson, Secure Ideas
  • Ken Johnson, FishNet Security
  • Josh Abraham, Rapid7

The Moderator

Matthew Fisher was the first Security Engineer hired by SPI Dynamics, arguably one of the most successful web application security companies in the industry, where he had significant input into the evolution of WebInspect. During his 8-year tenure in the web application security field, Mr. Fisher performed application assessments and consulted for hundreds of customers in the Federal Government, Department of Defense, e-commerce, and financial industries. He became known for primary research and for his ability to quickly learn and decipher new technologies and issues. He left Hewlett-Packard in 2008 (less than a year after the acquisition of SPI Dynamics) to start Piscis. An expert in application security assessments, Mr. Fisher has several original vulnerabilities and exploit and testing techniques to his name, and is an accomplished writer and speaker.

Piscis now has over two years of Government performance and has demonstrated leadership within both the public and private sectors. Their insistence on using only "top-shelf" engineers, their advanced proprietary methodology, and their RealRisk reporting have earned them a reputation for performing extremely high-quality assessments that go far beyond what the usual "scanner shops" are capable of.


Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects, several of which he founded. He founded BASE, a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD, a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, such as InfraGard, ISACA, ISSA, and the University of Florida.

Ken Johnson is a Senior Application Security Consultant with FishNet Security, performing dynamic analysis, source code analysis, and web application penetration testing. Ken has worked for both government and corporate organizations, at home and abroad.

Joshua “Jabra” Abraham joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT security and auditing experience and previously worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at BlackHat, DefCon, ShmooCon, the SANS Pentest Summit, Infosec World, CSI, OWASP conferences, LinuxWorld, Comdex, and BLUG. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ. He is frequently quoted in the media on Microsoft Patch Tuesday and web application security by ComputerWorld, DarkReading, and SC Magazine.