Hacking by Numbers - Revision history

Leeannehart at 15:25, 20 October 2009

2009-10-20T15:25:53Z

Brennan at 23:08, 3 October 2009

2009-10-03T23:08:55Z

Brennan at 23:08, 3 October 2009

2009-10-03T23:08:04Z

Brennan at 23:07, 3 October 2009

2009-10-03T23:07:28Z

Brennan at 23:06, 3 October 2009

2009-10-03T23:06:37Z

Mark.bristow: Created page with '== The presentation == rightThere is a difference between what is possible and what is probable, something we often lose sight of in the world o…'

2009-08-04T19:10:02Z

Created page with '== The presentation == rightThere is a difference between what is possible and what is probable, something we often lose sight of in the world o…'

New page

== The presentation ==

[[Image:Owasp_logo_normal.jpg|right]]There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember not all vulnerabilities are created equal. Obviously we must also keep in mind that just because a vulnerability exists does not necessarily mean it will be exploited, or indicate by whom or to what extent. Clearly, many vulnerabilities are very serious leaving the door open to compromise of sensitive information, financial loss, brand damage, violation of industry regulations, and downtime. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms & viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. Better understanding of these factors enables us to make informed business decisions about website risk management and what is probable.

== The speaker ==

Tom is a member of the WhiteHat Security team and a volunteer to the OWASP Foundation. Known as Semper Fidelis and as a voracious technovore who excels in solving technical and business issues, strengthening partnerships and cultivating new business relationships. Strong interpersonal skills with the ability to work in a team environment or independently to complete the mission a style acquired while serving with the United States Marines Corps.

Frequent conference speaker and regularly quoted in the media such as the Wall Street Journal, NBC & ABC News in NYC, USA Today, CRN and Dark Reading on technology topics.

Tom has led teams and delivered hands-on technical services for over a decade circumventing, defeating and otherwise thwart clients internal and external security controls for a multitude of public and private critical infrastructure clients. He has also contributed to successful dot-com start-up's, commercial and open-source projects. In addition to raw skill, he holds agnostic industry certifications including: Certified Information Systems Security Professional (CISSP), ISACA Certified Information Security Manager (CISM), National Security Agency, INFOSEC Assessment Methodology (IAM), and Certified Ethical Hacker (C|EH).

[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]

@@ Line 5: / Line 5: @@
 == The speaker  ==
-Tom is a member of the [http://www.whitehatsec.com WhiteHat Security] and serves as a Board Member of the OWASP Foundation more details can be found on a [http://www.proactiverisk.com webpage in a cloud]
+Tom is a member of the [http://www.whitehatsec.com WhiteHat Security] and serves as a Board Member of the OWASP Foundation more details can be found at [http://www.proactiverisk.com his webpage on a cloud]
 [[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]

@@ Line 8: / Line 8: @@
 <div style="font-family: sans-serif; font-size: 12px; text-align: center;">
-<img src="http://doiop.com/asscert.png" border="0"><br /><a href="http://www.asscert.com/">Certified Application Security Specialist</a></div>
+<img src="http://doiop.com/asscert.png" <a href="http://www.asscert.com/">Certified Application Security Specialist</a></div>
 [[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]

← Older revision		Revision as of 23:07, 3 October 2009
Line 6:		Line 6:

	Tom is a member of the [http://www.whitehatsec.com WhiteHat Security] and serves as a Board Member of the OWASP Foundation more details can be found on a [http://www.proactiverisk.com webpage in a cloud]		Tom is a member of the [http://www.whitehatsec.com WhiteHat Security] and serves as a Board Member of the OWASP Foundation more details can be found on a [http://www.proactiverisk.com webpage in a cloud]
		+
		+	<div style="font-family: sans-serif; font-size: 12px; text-align: center;">
		+	<img src="http://doiop.com/asscert.png" border="0"><br /><a href="http://www.asscert.com/">Certified Application Security Specialist</a></div>

	[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]		[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]

@@ Line 1: / Line 1: @@
 == The presentation  ==
-[[Image:Owasp_logo_normal.jpg|right]]There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember not all vulnerabilities are created equal. Obviously we must also keep in mind that just because a vulnerability exists does not necessarily mean it will be exploited, or indicate by whom or to what extent. Clearly, many vulnerabilities are very serious leaving the door open to compromise of sensitive information, financial loss, brand damage, violation of industry regulations, and downtime. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms & viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. Better understanding of these factors enables us to make informed business decisions about website risk management and what is probable.
+[[Image:Tom_Brennan.jpg|200px|thumb|right|Tom Brennen]]There is a difference between what is possible and what is probable, something we often lose sight of in the world of information security. For example, a vulnerability represents a possible way for an attacker to exploit an asset, but remember not all vulnerabilities are created equal. Obviously we must also keep in mind that just because a vulnerability exists does not necessarily mean it will be exploited, or indicate by whom or to what extent. Clearly, many vulnerabilities are very serious leaving the door open to compromise of sensitive information, financial loss, brand damage, violation of industry regulations, and downtime. Some vulnerabilities are more difficult to exploit than others and therefore attract different attackers. Autonomous worms & viruses may attack one type of issue, while a sentient targeted attacker may prefer another path. Better understanding of these factors enables us to make informed business decisions about website risk management and what is probable.
 == The speaker  ==