
John Heasman is the VP of Research for the US arm of NGSSoftware, a UK-based company with offices in Seattle (where he is based). NGS carries out sophisticated security assessments for the world's leading software vendors and financial institutions.

John is a prolific security researcher who has published numerous advisories in enterprise-level software, including Microsoft Windows, Exchange, Outlook, OpenOffice, PostgreSQL, Apple QuickTime, RealNetworks RealPlayer and Sun Microsystems' Java. He has a strong interest in database security and coauthored The Database Hacker's Handbook (Wiley, 2005) and The Shellcoder's Handbook, 2nd Edition (Wiley, 2007). He is a regular speaker at international security conferences and has presented at Black Hat, Defcon, ToorCon, LayerOne and the Computer Enterprise Incident Conference, where he has spoken on a variety of topics including design flaws in the Java Browser Plugin, EFI and BIOS rootkits.

John maintains a personal blog focused on his research at