This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Scalable Application Assessments in the Enterprise

Jump to: navigation, search

The presentation

Lars Ewe
That's right & we said scalable. Applications which live in the enterprise, COTS or otherwise; are often some of the most complex and time consuming to assess, when it comes to evaluating them for commonly exploited vulnerabilities, such as those listed by the OWASP Top 10. During this talk, the presenters will explore the ways in which in-depth, transaction based application assessments can be made to scale within the enterprise, through the use of automated assessment tools (such as Cenzic Hailstorm), and a rigorous assessment methodology. While excessive levels of assessment automation has in the past taken fire for the levels of false positives, and false negatives it can generate & manual testing has also developed a bad reputation in many circles due to its high costs and execution time generally associated with performing thorough application assessments with a wholly manual approach. The speakers will demonstrate a methodology, through which a middle ground may be attained, achieving an assessment which accurately addresses top of mind vulnerabilities, provides all of the benefits of a manual assessment, falls in budget and yes & scales!

The speakers

Tom Parker, Director Commercial Security Services, Securicon LLC. Mr. Parker is the Director of Securicon's Commercial Security Services, and has bottom line responsibility for the success of commercial projects, and leadership of our commercial services team. Mr. Parker is a recognized industry expert, has published over four books on the topic of information security and is a frequent speaker at professional security conferences, such as the Blackhat Briefings. Tom often lends his time to providing expert opinion to mass media organizations, including television appearances on BBC News and CNN, and is frequently quoted by printed and online media, including the likes of The Register, Reuters News, Wired and Business Week.

Lars Ewe, Chief Technology Officer and VP of Engineering, Cenzic Inc: Lars Ewe is a technology executive with broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering, product management/marketing, and sales in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts.