The Big Picture: Web Risks and Assessments Beyond Scanning

The presentation

This talk is an unabashed look, by an industry pioneer and veteran, at the role and limitations of automated technologies in a complete web risk assessment. Whereas once a good web scanner could be thought of as the sum total of a strong web application security program, now it's only the beginning. We will look at a broader picture of web risks and their associated threats, and what assessment techniques and technologies can be applied to them.

The speaker

Matthew Fisher was the first Security Engineer hired by an industry-leading application security company that was acquired by Hewlett-Packard in 2007. Shortly thereafter he left HP to form Piscis, an emergent boutique of veterans focused squarely on the art and science of application security. As a pioneer and industry leader, Matt has several original vulnerabilities, exploit and testing techniques to his name, and is an accomplished writer and speaker, having presented at ShmooCon, ToorCon, Gartner, CSI, ReBl, DoD Cybercrime, and many others. He can be contacted at info @