OWASP Israel 2008 Conference Ofer Maor

Testing the Tester – Measuring Quality of Security Testing

Discuss, using live examples and case studies the aspect of quality in security testing. What is a good pentest vs a bad pentest. How to determine whether a project you had was good or not. How to predetermine that the person you will be getting to do your project is working in the right way. Dealing with false negatives and false positives of such tests. Philosophical aspects such as methodology, exploitation, test plans, checklists, costs vs quality (and the most important aspect of cost effectiveness) etc. Approaches issues (pros and cons for each aspect) – black box vs white box, tools vs manual, remote vs local, etc.

Bio

Ofer Maor has over twelve years of experience in the Information Technology field, ten of which in information security and application security. Mr. Maor is a pioneer of the application security field, as he is involved in the leading research initiatives in the field, has published numerous papers, appears regularly in leading conferences and is all in all considered a leading authority in this field by all those involved in it.

Before founding Hacktics, Mr. Maor led Imperva™'s Application Defense Center, a research group focused on providing application security services and education. In this capacity, he advanced research activities and was responsible for all the application security services conducted by the company. He was previously a Senior Security Consultant at eDvice, an application security consulting firm. He has also served for three years as an Information Security Officer in the Israeli Defense Forces.