A Web Vulnerability Assessment View presented at SANS Pen Test Summit 2010

by Jeremiah Grossman (WhiteHat Security)

Tags: Security Infrastructure Web Application Security Access

URL: http://www.sans.org/pen-testing-summit-2010/agenda.php

Summary: "WhiteHat Security has performed vulnerability assessments on roughly 2,000 websites, identified tens of thousands of security flaws, and interacted with their owners about how to deal with them. From this experience we've learned some invaluable lessons about the systemic nature of Web security challenges and the need for heterogeneous and customized solutions. As the Web takes center stage in IT security, pen-testers and vulnerability assessment providers must be capable of more than spotting the weaknesses and relaying generic advice on an annual basis. They'll need to offer strategic planning regarding where to start, what should be done next, how to align incentives, track progress, measure success, and, more importantly, justify investment. These skills often do not come naturally to the average technically-minded pen-tester, but this is how the next generation will differentiate themselves from the rest."

Jeremiah Grossman: Jeremiah Grossman founded WhiteHat Security in August 2001. A world-renowned expert in Web security, Mr. Grossman is a founder of the Web Application Security Consortium (WASC) and was named to InfoWorld's Top 25 CTOs for 2007. Mr. Grossman is a frequent speaker at industry events including the Black Hat Briefings, RSA Conference, ISACA, CSI, InfoSec World, OWASP, ISSA, and Defcon, as well as at a number of large universities. He has authored dozens of articles and white papers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is a co-author of XSS Attacks: Cross Site Scripting Exploits and Defense. Mr. Grossman is frequently quoted in major media outlets such as USA Today, the Washington Post, The Financial Times, InformationWeek, InfoWorld, PC World, Dark Reading, SC Magazine, CNET, CSO and NBC News. He frequently alerts the media community to the latest attacks and is able not only to offer in-depth commentary but also to provide his perspective on what's to come. Mr. Grossman was named a "friend of Google" and is also an influential blogger (www.jeremiahgrossman.blogspot.com) who offers insight and encourages open dialogue regarding current research and vulnerability trend information. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!, responsible for performing security reviews on the company's hundreds of websites. Before Yahoo!, Mr. Grossman worked for Amgen, Inc.