* Organizational Representative
(If companies or organizations are listed, they are a WASC organizational member)
Mr. Auger's research contributions have appeared in Information Week, CNET,
CERT, and various other information outlets. Robert currently administers
http://www.cgisecurity.com, a popular web site for up-to-date security news and information.
Mr. Auger has authored several whitepapers including the "Cross Site Scripting FAQ", "The Cross-site Request Forgery FAQ", and
"Fingerprinting Port 80 Attacks" forensics series. He has also contributed to many community
efforts such as the Center for Internet Security, Snort IDS, and the Open Web Application
Security Project's (OWASP) Testing project.
Anurag Agarwal has 14 years of experience designing, developing, managing
and (4+ years) securing web applications and has worked for companies like
Citigroup, Cisco, HSBC Bank, GE Medical Systems, etc. He is CISSP certified
and a Sun Certified Java Developer. He is an active contributor to the web
application security field and has written several articles on secure design
and coding for an online magazine, spoken at various conferences and
maintains a website by the name of www.attacklabs.com where he has published
several proof of concepts on various attacks. He has a blog on web
application security at http://myappsecurity.blogspot.com
Ryan C. Barnett
Ryan C. Barnett is a senior security researcher on Trustwave's SpiderLabs Team. He is a SANS Institute certified
instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams.
In addition to working with SANS, he is also a WASC Member where he leads the Web Hacking Incidents Database (WHID) and
Distributed Web Honeypots Projects and is also the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has
also authored a Web security book for Addison/Wesley Publishing entitled Preventing Web Attacks with Apache. Twitter
account - @ryancbarnett
Yuval Ben-Itzhak, a 15-year technology veteran, is the former CTO and Founder of
KaVaDo Inc. Prior to KaVaDo, Ben-Itzhak was CTO at Ness Technologies
(NASDAQ: NSTC), a global provider of end-to-end IT solutions and services.
As a senior project manager at Intel Corp. (NASDAQ: INTC), Ben-Itzhak was in
charge of the design and development of worldwide software projects in
communications and information systems. He began his professional career as
a member of an elite R&D intelligence unit of the Israeli Defense Forces,
where he was responsible for the design and development of security systems
for mission-critical projects. Ben-Itzhak earned a BSc. in Information
Systems and Engineering, Cum Laude. Ben-Itzhak was selected as an honored
recipient of the 2004 most influencing CTO award by InfoWorld.
Erik is Vice President of Product Development and Marketing at NT OBJECTives, where he is responsible for driving the company's marketing and product development initiatives. Mr. Caso brings an extensive background in business strategy, product and business development to NT OBJECTives. Prior to NT OBJECTives, Mr. Caso worked at Foundstone, where as Product Manager he led that company's flagship product, FoundScan, from a first generation technology to a third generation market leader. During this time he was instrumental in building product, sales and marketing strategies for the company. Prior to Foundstone, Erik led product and business strategies for companies such as Epoch Internet and The Boeing Company. Mr. Caso is an advisor to numerous industry groups and vendors. He holds degrees in business and economics from Cal Poly San Luis Obispo.
Matthieu is currently in charge of product management at Beeware. He
designed and developed one of the first European web application firewalls
in 2001 for the French company Axiliance, acquired by Beeware in 2005.
He is involved in different open source projects and has been a committer on the
Apache HTTPd project since 2003, after working on several modules and
patches for Apache 2.0. Matthieu has contributed to various WASC Projects
including WAFEC, WASSEC, and peer review for the WASC Articles project. He
is also a member of the OWASP French chapter.
Jeremiah Grossman is the founder and Chief Technology Officer of WhiteHat Security (http://www.whitehatsec.com), where he is responsible for web application security R&D and industry evangelism. As a 7-year industry veteran and world-renowned security expert, Mr. Grossman is a frequent conference speaker at the Blackhat Briefings, ISSA, ISACA, NASA, and many other industry events. Mr. Grossman's research, writings, and discoveries have been featured in USA Today, VAR Business, NBC, ZDNet, eWeek, etc. Mr. Grossman is also a founder of the Web Application Security Consortium (WASC), as well as a contributing member of the Center for Internet Security Apache Benchmark Group. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!, responsible for performing security reviews on the company's hundreds of web applications.
Mr Gaucher is a security consultant at Cigital, Inc. He has been part
of the Software Assurance Metrics and Tool Evaluation (SAMATE) project
at the National Institute of Standards and Technology (NIST) where he
co-organized and ran the NIST Static Analysis Tool Exposition 2008. He
also co-authored the Web Application Security Scanner specification
1.0 and papers on software assurance. Prior to his transition to
software assurance at NIST, he worked in graph theory and data mining
at the Group for Research in Decision Analysis (GERAD), Canada. Romain
is leading the WASC Script Mapping project, contributes to WASSEC, and
is a board member of OWASP France. Romain holds an M.Sc. in applied
mathematics and computer science from ISIMA College of Engineering in
Computer Science, Clermont-Ferrand, France.
Sergey V. Gordeychik
Head of consultancy & audit department of Positive Technologies, where he is responsible for R&D in
Compliance Management and Application Security. Sergey has 12+ years of
experience in software development, security management, penetration
testing, application security and compliance management. Mr. Gordeychik
is an author of "Wireless Security", "Web-applications security
assessment" and "Securing Microsoft Windows-based Enterprise" training
courses at the Security Training Centre Informzaschita. He is a regular author
for "Windows IT Pro/RE" magazine, SecurityLab.ru and others, and a frequent speaker at industry
events including Infosecurity Russia, RusCrypto and others.
Amit Klein is the chief scientist of a security company, and has
over 13 years of experience in information security research.
From its inception in late 1997, until its acquisition (by
Watchfire) in mid-2004, Amit was doing web application security
research for Sanctum. His last position there was the director of
security and research.
Amit published numerous innovative papers and advisories on web
application security, and his writing has appeared in various
publications such as Dr. Dobb's Journal and SC Magazine. Amit
also lectured at conferences such as CERT and FM'99.
Prior to Sanctum Amit was a software project manager and a
technological leader, and prior to that he was a mathematics
researcher and research manager.
Amit holds a B.Sc. (cum laude) in mathematics and
physics from the Hebrew University of Jerusalem, Israel.
Aaron C. Newman
Aaron C. Newman is Co-Founder and the Chief Technology Officer of
Application Security, Inc. (AppSecInc). Widely regarded as one of the
world's foremost database security experts, Aaron is the co-author of the
Oracle Security Handbook, printed by Oracle Press. Aaron has delivered
presentations on application security to organizations around the world and
has written numerous white papers and articles on the subject. As well,
Aaron holds several patents in database encryption, intrusion detection, and
Steve Orrin is Director of XPD Security for Intel Corp., where he is responsible for
XML and Web Services Security strategy and product direction. Steve joined
Intel as part of the acquisition of Sarvega, Inc. where he was their CSO.
Steve was formerly Vice President of Security Solutions for Watchfire, Inc.
Steve was previously CTO of Sanctum, a pioneer in Web application security
testing and firewall software, and came to Watchfire through an acquisition
of Sanctum. Prior to joining Sanctum, Steve was CTO and co-founder of
LockStar, Inc. LockStar provided enterprises with the means to secure and
XML/WebService enable legacy and enterprise applications for e-business.
Orrin joined LockStar from SynData Technologies, Inc. where he was CTO and
chief architect of their desktop e-mail and file security product. A
recognized expert and frequent lecturer on enterprise security, he has
developed several patent-pending technologies covering user authentication,
secure data access and steganography and one issued patent in steganography.
Orrin holds an honors degree in research biology from Kean University and is
published in several scientific and medical journals. Orrin is a member of
the Network and Systems Professionals Association (NaSPA), the Computer
Security Institute (CSI), SEI (Software Engineering Institute), and is a
co-Founder of WASC (Web Application Security Consortium). He participates in
several IETF and OASIS working groups.
Mr. Pennington joined WhiteHat Security, Inc. in November 2002. He has 8 years of professional experience in information security and eleven in information technology. His duties at WhiteHat include management of research and development, guidance of product and technology direction, managing web application assessment teams, and developing and delivering WhiteHat Security training. Mr. Pennington has performed web application assessments for over six years in a variety of industry verticals including financial services, e-commerce, and biotechnology. He is a Certified Information Security Systems Practitioner (CISSP) and Certified Cisco Network Administrator (CCNA). He has broad experience in web application security, penetration testing, computer forensics and in intrusion detection systems. Prior to joining WhiteHat, Bill was a principal consultant and technical lead for assessment services at Guardent, a nationwide security services provider.
Mr. Pennington has contributed several chapters to "Hacker's Challenge: Test Your Incident Response Skills Using 20 Scenarios" and is an author of "Hackers Challenge 2". He has spoken at numerous industry events including BlackHat Windows 2003, BlackHat 2002, ISSA LA/Orange County joint conference, and the International Airport Auditors National Meeting 2001.
Ivan Ristic is a web security specialist and the author of
mod_security, an open source intrusion detection and prevention
engine for web applications. He spends his time designing tools for
web application protection and web intrusion detection. Prior to
moving to the web application security field, Ivan spent a number of
years working as a developer, system architect, and technical director
in the software development industry.
Ivan wrote Apache Security for O'Reilly, a concise yet comprehensive
web security guide for administrators, system architects, and
programmers. He is an active participant in the web application
Ory Segal is director of security research, responsible for researching
technologies and recommending strategic directions for Watchfire’s security
product line. Ory came to Watchfire through the acquisition of Sanctum, a
pioneer in Web application security testing and firewall solutions.
Watchfire provides Online Risk Management software and services to monitor
and report online security, privacy, quality, and compliance risks. At
Sanctum, Ory held the positions of product manager and team leader. Prior to
Sanctum, Ory was a penetration testing team leader at Avnet, a leading
Israeli data-security consulting company.
Ory has published several whitepapers and security advisories, participates
in industry working groups and is a recognized expert on application and
network security. Ory has spoken at numerous security events and is often
called upon for his opinions regarding web application security.
Ory holds a B.A. in Computer Science from the Open University of Israel.
Ofer Shezaf is the CTO of Breach Security Inc., a leading provider of application security solutions, and leads application security research there. In his role Ofer investigates new application security problems and protection technologies. Ofer is active in the web application security community and can be found in most related news groups and in projects such as WASC's "Web Application Security Evaluation Criteria" and "Real world Web App Sec examples". Ofer also founded the Israeli chapter of OWASP.
Ofer's background is in national information security and he worked with organizations such as the Israeli National Information Security Agency, the Israeli Intelligence Forces and the Israeli Nuclear Research Center. He specialized in areas such as information warfare, targeted attacks & Internet usage privacy.
Caleb Sima is the co-founder and chief technology officer of SPI Dynamics, the expert in Web application security. Caleb is responsible for directing the lifecycle of the company’s Web application security solutions and is the director of SPI Labs R&D team within SPI Dynamics. Caleb has been engaged in the Internet security arena since 1996, and has become widely recognized as an expert in penetration testing and for identifying emerging security threats. Prior to co-founding SPI Dynamics in early 2000, Caleb worked for Internet Security Systems’ elite X-Force R&D team and as a security engineer for S1 Corporation. Caleb is a frequent speaker and expert resource for the press on Internet attacks. He is a member of ISSA and is one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, as well as a founding member of the Web Application Security Consortium (WASC).