
SnowFROC Abstract Peloquin


The Presentation: Building an Effective Application Security Program

“It’s unanimous, Web application security has arrived!”, wrote WhiteHat Security CTO, Jeremiah Grossman, in a 12/26/2008 post to his blog. As Jeremiah points out in his post, every major report on security lists web applications as the number one attack vector. Assessments and penetration tests are essential elements of any Application Security Program, but they’re not enough. Organizations must take the next step, and insert security directly into the development lifecycle.

Takeaways

  • Identify the pre-requisites you’re missing in your organization, and where you fall on the Application Security Scale of Maturity.
  • Learn the steps involved in planning and executing an effective program.
  • Learn to avoid common pitfalls.

The Speaker: Joey Peloquin

Joey Peloquin is the Director of Application Security at FishNet Security, where he’s responsible for project oversight and quality assurance, business development, and managing the team’s offerings and methodologies. He’s spent the last 9 of his 15 years in I.T. specializing in Information Security, with approximately the last five specifically in Application Security. Prior to joining FishNet Security, he created the service offerings and methodology for Hewlett-Packard’s Application Security Center Professional Services Team (formerly SPI Dynamics). At HP, he managed all partner-delivered projects and was the team lead for the internal team, with responsibility for training and mentoring new consultants. Joey also spent nearly a decade with JCPenney Corporation, where he built the Application Security Program and generated application security awareness through aggressive penetration testing policies.
