This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Revision as of 10:17, 20 October 2009 by Leeannehart (talk | contribs)

Jump to: navigation, search

The presentation

Jeff Williams

In an enterprise with hundreds or thousands of applications, securing one at a time is too expensive and takes too long. The goal of this session is to identify the strategies that most cost-effectively reduce risk over time. How do we craft an effective application security program using a combination of tools, standard controls, consultants, in-house teams, testers and auditors, and training. How can we manage the cost and risk over time – what metrics have proven to be effective in practice?

The speaker

Jeff Williams is the founder and CEO of Aspect Security, specializing exclusively in application security professional services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP). He has made extensive contributions to the application security community through OWASP, including writing the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, OWASP Risk Rating Methodology, and starting the worldwide local chapters program. If nothing else, Jeff is probably the tallest application security expert in the world and likes nothing better than discussing new ideas for changing the way we build software.