This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "User:Wichers"

From OWASP
Jump to: navigation, search
(About)
m
 
(17 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
==BIO==
 
==BIO==
  
Dave Wichers is a cofounder and the Chief Operating Officer (COO) of [http://www.aspectsecurity.com Aspect Security], a company that specializes in application security services. He is also a long time contributor to OWASP including being a member of the OWASP Board since it was formed.
+
Dave Wichers is a managing director for application security at Ernst & Young (www.ey.com). He was a cofounder of [https://www.aspectsecurity.com/ Aspect Security], a consulting company that specializes in application security services, that was acquired by EY in 2017. He is also a long time contributor to OWASP, helping to establish the OWASP Foundation in 2004, serving on the [[Board | OWASP Board]] since it was formed from 2004 through 2013, served as [[Conferences | OWASP Conferences Chair]] from 2005 through 2008, was a coauthor of the [[Top10 | OWASP Top 10]] since its inception until 2017 release candidate 1 and led the project from 2007 thru May 2017. Dave is also the lead of the new OWASP [[Benchmark]] project and has also contributed to numerous other important OWASP projects including [[WebGoat]], [[ESAPI]], [[ASVS]], and the [[Cheat Sheets | OWASP Cheat Sheet Series]].
  
Dave has over 20 years of experience in the information security field, and has focused exclusively on application security since 1998. At Aspect, in addition to his COO duties, he is Aspect's application security courseware lead, one of their chief instructors, and provides a wide variety of application security consulting services to Aspect's clients. Prior to starting Aspect, he ran the Application Security Services Group at Exodus Communications. Dave has a Bachelors and Masters degree in Computer Science, is a CISSP, and a CISM.
+
Dave has over 30 years of experience in the information security field, and has focused exclusively on application security since 1998. At EY, he provides a wide variety of application security consulting services to EY's clients. Prior to starting Aspect, he ran the Application Security Services Group at Exodus Communications. Dave has a Bachelors and Masters degree in Computer Science and is a CISSP.
  
 
==OWASP Contributions==
 
==OWASP Contributions==
  
I have been contributing to OWASP since 2002. In 2004, along with Jeff Williams, we established the 501c3 organization that is now the OWASP Foundation. Since establishing the OWASP Foundation, I have served and continue to serve as the de facto Chief Financial Officer of OWASP, managing all financial transactions, authorizing all payments from OWASP, and making sure we are good stewards of OWASP's financial resources. I also negotiate and sign for virtually all contracts OWASP enters into with other parties. I also established all the financial accounts for the OWASP Foundation including bank accounts, credit cards, tax IDs, and helped hire all the employees of the OWASP Foundation and provide oversight for their work. I also helped determine the benefits that these employees would receive, and established the procedures for how they would receive those benefits including health insurance, payroll, etc. In late 2004, I volunteered to become the OWASP Conferences Chair where I launched the OWASP Conferences Series, personally organized all the U.S. and European AppSec conferences from 2005 through 2008, and helped launch the Global Conferences Committee in 2009, which has now taken over the primary organizational duties for the OWASP Conferences. The OWASP Conferences have grown to serve as the primary fundraising resource for OWASP.  I have also spent countless hours helping to initially establish the OWASP wiki, and then continuing to improve it, proofreading articles, encouraging others to contribute, etc.  
+
I have been contributing to OWASP since 2002. In 2004, along with Jeff Williams, we established the 501c3 organization that is now the OWASP Foundation. Since establishing the OWASP Foundation, I served as the de facto Chief Financial Officer of OWASP, until the OWASP Board established an Executive Director in mid 2013. In late 2004, I volunteered to become the OWASP Conferences Chair where I launched the OWASP Conferences Series, personally organized all the U.S. and European AppSec conferences from 2005 through 2008, and helped launch the Global Conferences Committee in 2009, which organized the conferences from 2009 through 2012. The OWASP Conferences have since grown to serve as a primary revenue generating resource for OWASP.
  
As a volunteer to OWASP, Dave is:
+
As a volunteer to OWASP, Dave is or has been:
  
* A continuous member of the [[About_OWASP#Global_Board_Members|OWASP Board]] since it was established in 2004,  
+
* A member of the [[About_OWASP#Global_Board_Members|OWASP Board]] since it was established in 2004 through the end of 2013,  
* The [[:Category:OWASP_AppSec_Conference | OWASP Conferences]] Chair,
+
* The [[:Category:OWASP_AppSec_Conference | OWASP Conferences]] Chair from 2005 through 2008,
* Project lead and coauthor of the [[OWASP_Top_Ten_Project | OWASP Top 10]],
+
* Project lead and coauthor of the [[OWASP_Top_Ten_Project | OWASP Top 10]] thru May 2017,
* Coauthor of the [[ASVS | OWASP Application Security Verification Standard]],
+
* Coauthor of the first version of the [[ASVS | OWASP Application Security Verification Standard]],
 
* Contributor to the [[ESAPI | OWASP Enterprise Security API (ESAPI)]] project,
 
* Contributor to the [[ESAPI | OWASP Enterprise Security API (ESAPI)]] project,
* Lead of the OWASP Prevention Cheat Sheet Series and primary author of the [[SQL_Injection_Prevention_Cheat_Sheet | SQL Injection Prevention Cheat Sheet]].
+
* Past lead of the [[OWASP_Cheat_Sheet_Series | OWASP Prevention Cheat Sheet Series]] and primary author of the [[SQL_Injection_Prevention_Cheat_Sheet | SQL Injection Prevention Cheat Sheet]].
 +
* Lead of the OWASP [[Benchmark]] project. Benchmark project intro video: [[File:BenchmarkPodcastTitlePage.jpg|200px|link=https://www.youtube.com/watch?v=HQP8dwc3jJA&index=5&list=PLGB2s-U5FSWOmEStMt3JqlMFJvRYqeVW5]]
  
For more details than this short bio on what I've done at OWASP, listen to my [http://www.owasp.org/download/jmanico/owasp_podcast_82.mp3 OWASP podcast].
+
For more details than this short bio on what I've done at OWASP, listen to my [https://www.owasp.org/download/jmanico/owasp_podcast_82.mp3 OWASP podcast].
  
 
[[:Special:Contributions/Wichers|Wiki Contributions]]
 
[[:Special:Contributions/Wichers|Wiki Contributions]]
Line 26: Line 27:
 
I've also done lots of OWASP conference presentations. Here are some of them:
 
I've also done lots of OWASP conference presentations. Here are some of them:
  
 +
* 2015 AppSec USA: [https://appsecusa2015.sched.org/event/3r9k/using-the-owasp-benchmark-to-assess-automated-vulnerability-analysis-tools Using the OWASP Benchmark to Assess Automated Vulnerability Analysis Tools]
 +
* 2014 AppSec AsiaPac: [http://owaspappsecapac2014.sched.org/event/fec0f8c8cecafa44b1925641fbfee8fa#.U8hO02dOWJA AppSec at DevOps Speed and Portfolio Scale talk abstract]
 +
* 2014 AppSec AsiaPac: [http://owaspappsecapac2014.sched.org/event/c7ba6e43fa6f4a7e242c40c44c7164c9#.U8hObGdOWJA OWASP Top 10 2013 talk abstract]
 +
* 2013 AppSec USA: [http://appsecusa2013.sched.org/event/817cc39ce670549247d2d0ba05b02701#.Up99XsRDuO2 OWASP Top 10 2013 talk abstract] - [http://appsecusa.org/2013/wp-content/uploads/2013/12/OWASP-Top-10-2013-AppSec-USA.pptx Slides] - [https://www.youtube.com/watch?v=bWqb3Hemepc&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=17 Video]
 +
* 2013 AppSec EU: [https://www.owasp.org/images/1/17/OWASP_Top-10_2013--AppSec_EU_2013_-_Dave_Wichers.pdf OWASP Top 10 2013 - Slides] - [https://www.its.fh-muenster.de/owasp-appseceu13/rooms/Aussichtsreich_+_Freiraum/high_quality/OWASP-AppsecEU13-DaveWichers-OWASPTop10-2013_720p.mp4 Video]
 +
* 2012 AppSec USA: [https://www.owasp.org/images/c/c5/Unraveling_some_Mysteries_around_DOM-based_XSS.pdf Unraveling some of the Mysteries around DOM-based XSS]
 +
* 2012 AppSec EU: [https://www.owasp.org/images/3/30/AppSecEU2012_DOM-based_XSS.pdf Unraveling some of the Mysteries around DOM-based XSS]
 +
* 2012 AppSec DC: [[OWASP_AppSec_DC_2012/Unraveling_some_of_the_Mysteries_around_DOMbased_XSS | Unraveling some of the Mysteries around DOM-based XSS]]
 
* 2010 AppSec DC: [[The_Strengths_of_Combining_Code_Review_with_Application_Penetration_Testing | Strengths of Combining Code Review with Application Penetration Testing]] - [http://vimeo.com/groups/asdc10/videos/19104928 Video] | [[Media: 2010-DC_The_Power_of_Code_Review.pptx|Slides]]
 
* 2010 AppSec DC: [[The_Strengths_of_Combining_Code_Review_with_Application_Penetration_Testing | Strengths of Combining Code Review with Application Penetration Testing]] - [http://vimeo.com/groups/asdc10/videos/19104928 Video] | [[Media: 2010-DC_The_Power_of_Code_Review.pptx|Slides]]
 
* 2010 AppSec Europe: [[OWASP_AppSec_Research_2010_-_Stockholm,_Sweden#OWASP_Top_10_2010 | OWASP Top 10 for 2010 - Final]] - [http://owasp.blip.tv/file/3917942/ Video] |[[Media:OWASP_AppSec_Research_2010_OWASP_Top_10_by_Wichers.pdf | PDF]]
 
* 2010 AppSec Europe: [[OWASP_AppSec_Research_2010_-_Stockholm,_Sweden#OWASP_Top_10_2010 | OWASP Top 10 for 2010 - Final]] - [http://owasp.blip.tv/file/3917942/ Video] |[[Media:OWASP_AppSec_Research_2010_OWASP_Top_10_by_Wichers.pdf | PDF]]
Line 38: Line 47:
 
* 2006 AppSec Seattle: Why AJAX Applications are far more likely to be insecure, and What to do about it - [http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_Why_AJAX_Applications_More_Likely_Insecure.ppt Slides]
 
* 2006 AppSec Seattle: Why AJAX Applications are far more likely to be insecure, and What to do about it - [http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_Why_AJAX_Applications_More_Likely_Insecure.ppt Slides]
  
=Why Me - For the 2011 OWASP Board Reelection=
+
Dave can be reached at: dave.wichers (at) ey.com or dave.wichers (at) owasp.org
 
 
I envision an OWASP that reaches every developer in the world and has a role in improving the security of every line of code written.  With 15m developers and a trillion lines of code already in existence, this is an enormous challenge – bigger and harder than network security in many ways.  I don’t have all the answers, but I know that the only way to find creative new approaches is to empower developers, security researchers, and consumers worldwide to work together.  Here are a few key areas that I believe will help us achieve our mission.
 
 
 
* Partnership – I believe in doing everything possible to make security easier for developers. By partnering, integrating, and cooperating with development projects and organizations, we can move away from reactive security and become part of the solution.  I think OWASP is uniquely positioned to bring together technology companies with security experts to make real progress.
 
 
 
* Finances – Money is one of the biggest challenges facing OWASP as we grow.  I think OWASP’s best role is not as funds collector and distributor -- but as connector, partner, and broker. This distributed, bottom-up strategy is the only approach that has a hope of scaling to the size of our challenge.  I’m a staunch defender of radical openness in all aspects of OWASP governance.
 
 
 
* Freedom and Openness – For OWASP to achieve its mission, we need an application security knowledgebase that is free and open for everyone. Unlocking this knowledge and making it easy to use are the only way to reach the scale we need. We’ve worked hard to build our reputation as an unbiased expert community, and I will work hard to protect it.
 
 
 
* International – OWASP is already international, and I will continue to build chapters and conferences in countries around the world. I will also encourage building bridges with governments worldwide to support their application security growth.  We need the diversity and energy from the entire world to achieve our mission.
 
 
 
As the only Member of the Board running for reelection that has been a board member since the Foundation was established, I plan to continue to help OWASP grow and succeed in its mission. I have successfully helped take OWASP from a loose federation of a few dozen volunteers in cyberspace back in 2002 to a Global force in Application Security in 2011 with thousands of members, hundreds of chapters and projects, and dozens of conferences annually around the world. My lengthy experience and continued passion for OWASP should serve me well as I continue my role as a member of the OWASP board for the next 2 years and hopefully beyond. I have helped shaped OWASP and its core values for the last decade, still strongly believe in its mission, and intend to continue to heavily contribute for years to come.
 
 
 
Dave can be reached at: dave.wichers (at) aspectsecurity.com or dave.wichers (at) owasp.org
 

Latest revision as of 18:33, 22 April 2019

About

BIO

Dave Wichers is a managing director for application security at Ernst & Young (www.ey.com). He was a cofounder of Aspect Security, a consulting company that specializes in application security services, that was acquired by EY in 2017. He is also a long time contributor to OWASP, helping to establish the OWASP Foundation in 2004, serving on the OWASP Board since it was formed from 2004 through 2013, served as OWASP Conferences Chair from 2005 through 2008, was a coauthor of the OWASP Top 10 since its inception until 2017 release candidate 1 and led the project from 2007 thru May 2017. Dave is also the lead of the new OWASP Benchmark project and has also contributed to numerous other important OWASP projects including WebGoat, ESAPI, ASVS, and the OWASP Cheat Sheet Series.

Dave has over 30 years of experience in the information security field, and has focused exclusively on application security since 1998. At EY, he provides a wide variety of application security consulting services to EY's clients. Prior to starting Aspect, he ran the Application Security Services Group at Exodus Communications. Dave has a Bachelors and Masters degree in Computer Science and is a CISSP.

OWASP Contributions

I have been contributing to OWASP since 2002. In 2004, along with Jeff Williams, we established the 501c3 organization that is now the OWASP Foundation. Since establishing the OWASP Foundation, I served as the de facto Chief Financial Officer of OWASP, until the OWASP Board established an Executive Director in mid 2013. In late 2004, I volunteered to become the OWASP Conferences Chair where I launched the OWASP Conferences Series, personally organized all the U.S. and European AppSec conferences from 2005 through 2008, and helped launch the Global Conferences Committee in 2009, which organized the conferences from 2009 through 2012. The OWASP Conferences have since grown to serve as a primary revenue generating resource for OWASP.

As a volunteer to OWASP, Dave is or has been:

For more details than this short bio on what I've done at OWASP, listen to my OWASP podcast.

Wiki Contributions

I've also done lots of OWASP conference presentations. Here are some of them:

Dave can be reached at: dave.wichers (at) ey.com or dave.wichers (at) owasp.org