Difference between revisions of "User:Yiannis"
m |
m (Some 2014 risk engineering references) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | There is a world of numbers, hiding behind letters, inside computers | + | There is a world of numbers, hiding behind letters, inside computers, this is what stimulates my work. I am currently employed in IT risk management within the financial industry, running a team of technical risk assessors. Prior to this, I spent 5 years in the world of professional penetration testing. I focused my career evolution on assisting large scale projects actually implement secure development practices. This included teaching developers how to write secure code. For OWASP, I was the project leader for JBroFuzz and used to chair the Global Industry Committee. I am on the Application Security Advisory Board of the (ISC)2. My academic qualifications include a [http://wrap.warwick.ac.uk/1193/ PhD in information security], designing routing protocols for ad-hoc networks. I am a certified scrum master and hold the CISSP certification. |
+ | |||
+ | '''Information Assurance: Risk Management & Risk Control''' | ||
+ | |||
+ | *2014 - ISC2 EMEA Congress [http://emeacongress.isc2.org/events/-isc-security-congress-emea-2014/custom-36-fab6fa4c21114b97b700ecf2b6b9bf01.aspx Risk Engineering] | ||
+ | *2014 - ISC2 Security Congress Atlanta [https://congress.isc2.org/session/session-3248-building-agile-risk-assessment-program-keeping-pace-hackers Building an Agile Risk Assessment Program - Keeping Up with the Pace of Hackers] | ||
+ | |||
+ | '''Application Security''' | ||
+ | |||
+ | *2011 - Web-Spa [http://code.google.com/p/web-spa/ Single Request Authorisation Web Knocking] | ||
+ | *2011 - Port Knocking Web Implementations [http://www.portknocking.org/view/implementations Ideas for more ports] | ||
+ | *2011 - Swiss Cyber Storm [https://www.swisscyberstorm.com/speakers/pavlosoglou.html Protecting Web Applications through Port Knocking] | ||
+ | *2009 - WebGoat Off-By-One Lesson [http://webgoat.googlecode.com/svn-history/r436/trunk/webgoat/src/main/java/org/owasp/webgoat/lessons/OffByOne.java WebGoat Off-By-One Lesson Remains to be Published] | ||
'''OWASP Life in Bullets:''' | '''OWASP Life in Bullets:''' | ||
Line 7: | Line 19: | ||
*2010 - OWASP London [http://www.owasp.org/index.php/London#Thursday.2C_January_14th_2010 http://www.owasp.org/index.php/London#Thursday.2C_January_14th_2010] | *2010 - OWASP London [http://www.owasp.org/index.php/London#Thursday.2C_January_14th_2010 http://www.owasp.org/index.php/London#Thursday.2C_January_14th_2010] | ||
**Penetration Testing with Selenium | **Penetration Testing with Selenium | ||
+ | *2009 - OWASP Global Industry Committee [http://www.owasp.org/index.php/Global_Industry_Committee http://www.owasp.org/index.php/Global_Industry_Committee] | ||
+ | *2008 - OWASP NYC Conference [http://video.google.com/videoplay?docid=-1551704659206071145# http://video.google.com/videoplay?docid=-1551704659206071145#] | ||
+ | **JBroFuzz - Building a Java Fuzzer | ||
+ | *2008 - Deepsec Vienna [http://2008.deepsec.net/ http://2008.deepsec.net/] | ||
+ | **Hybrid Code Auditing: A Dataflow Source Code Review Methodology | ||
+ | *2007 - OWASP New York/New Jersey [http://www.owasp.org/images/4/4e/OWASP_NY_07-Financial-Real-Time-Threats_Pavlosoglou.ppt http://www.owasp.org/images/4/4e/OWASP_NY_07-Financial-Real-Time-Threats_Pavlosoglou.ppt] | ||
+ | **Financial Real-Time Threats: Impacting Trading Floor Operations | ||
+ | *2006 - JBroFuzz Project Leader [http://lists.owasp.org/mailman/listinfo/owasp-jbrofuzz http://lists.owasp.org/mailman/listinfo/owasp-jbrofuzz] | ||
+ | ** JBroFuzz Mailing List | ||
'''Project Involvement''' | '''Project Involvement''' |
Latest revision as of 17:04, 28 December 2014
There is a world of numbers, hiding behind letters, inside computers; this is what stimulates my work. I am currently employed in IT risk management within the financial industry, running a team of technical risk assessors. Prior to this, I spent 5 years in the world of professional penetration testing. I focused my career evolution on assisting large-scale projects actually implement secure development practices. This included teaching developers how to write secure code. For OWASP, I was the project leader for JBroFuzz and used to chair the Global Industry Committee. I am on the Application Security Advisory Board of the (ISC)2. My academic qualifications include a PhD in information security, designing routing protocols for ad-hoc networks. I am a certified scrum master and hold the CISSP certification.
Information Assurance: Risk Management & Risk Control
- 2014 - ISC2 EMEA Congress Risk Engineering
- 2014 - ISC2 Security Congress Atlanta Building an Agile Risk Assessment Program - Keeping Up with the Pace of Hackers
Application Security
- 2011 - Web-Spa Single Request Authorisation Web Knocking
- 2011 - Port Knocking Web Implementations Ideas for more ports
- 2011 - Swiss Cyber Storm Protecting Web Applications through Port Knocking
- 2009 - WebGoat Off-By-One Lesson WebGoat Off-By-One Lesson Remains to be Published
OWASP Life in Bullets:
- 2010 - Bletchley Park ISSA UK Hacking for Queen and Country
- 2010 - OWASP GitHub http://www.owasp.org/index.php/Category:OWASP_GitHub
- 2010 - OWASP London http://www.owasp.org/index.php/London#Thursday.2C_January_14th_2010
  - Penetration Testing with Selenium
- 2009 - OWASP Global Industry Committee http://www.owasp.org/index.php/Global_Industry_Committee
- 2008 - OWASP NYC Conference http://video.google.com/videoplay?docid=-1551704659206071145#
  - JBroFuzz - Building a Java Fuzzer
- 2008 - Deepsec Vienna http://2008.deepsec.net/
  - Hybrid Code Auditing: A Dataflow Source Code Review Methodology
- 2007 - OWASP New York/New Jersey http://www.owasp.org/images/4/4e/OWASP_NY_07-Financial-Real-Time-Threats_Pavlosoglou.ppt
  - Financial Real-Time Threats: Impacting Trading Floor Operations
- 2006 - JBroFuzz Project Leader http://lists.owasp.org/mailman/listinfo/owasp-jbrofuzz
  - JBroFuzz Mailing List
Project Involvement
- DirBuster - http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
- JBroFuzz - http://www.owasp.org/index.php/JBroFuzz
Contact
Yiannis Pavlosoglou
[email protected]