WASC Officers


Name | Organization | Role
Robert Auger | CGISecurity | Board/Officer
Anurag Agarwal | MyAppSecurity | Officer
Ryan C. Barnett | Trustwave SpiderLabs | Officer
Yuval Ben-Itzhak | Finjan | Officer
Erik Caso* | NT OBJECTives, Inc. | Officer
Matthieu Estrade | (none listed) | Officer
Romain Gaucher | Cigital | Officer
Sergey V. Gordeychik | Positive Technologies | Officer
Jeremiah Grossman* | WhiteHat Security | Board/Officer
Sverre Huseby | Heimdall | Officer
Amit Klein | Individual | Officer
Aaron C. Newman* | Application Security, Inc. | Board/Officer
Steve Orrin | Intel | Board/Officer
Bill Pennington | WhiteHat Security | Officer
Ivan Ristic | Thinking Stone (ModSecurity) | Officer
Ory Segal* | Watchfire | Officer
Ofer Shezaf* | Breach | Officer
Caleb Sima* | SPI Dynamics/HP | Board/Officer

* Organizational Representative

(If a company or organization is listed, it is a WASC organizational member.)

Robert Auger
Mr. Auger's research contributions have appeared in Information Week, CNET, CERT, and various other information outlets. Robert currently administers http://www.cgisecurity.com, a popular web site for up-to-date security news and information. Mr. Auger has authored several whitepapers, including the "Cross Site Scripting FAQ", "The Cross-site Request Forgery FAQ", and the "Fingerprinting Port 80 Attacks" forensics series. He has also contributed to many community efforts such as the Center for Internet Security, the Snort IDS, and the Open Web Application Security Project's (OWASP) Testing project.

Anurag Agarwal
Anurag Agarwal has 14 years of experience designing, developing and managing web applications, including more than four years securing them, and has worked for companies such as Citigroup, Cisco, HSBC Bank and GE Medical Systems. He is CISSP certified and a Sun Certified Java Developer. He is an active contributor to the web application security field: he has written several articles on secure design and coding for an online magazine, spoken at various conferences, and maintains the website www.attacklabs.com, where he has published several proofs of concept for various attacks. He has a blog on web application security at http://myappsecurity.blogspot.com.

Ryan C. Barnett
Ryan C. Barnett is a senior security researcher on Trustwave's SpiderLabs Team. He is a SANS Institute certified instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams. In addition to working with SANS, he is a WASC member, where he leads the Web Hacking Incidents Database (WHID) and Distributed Web Honeypots projects, and is also the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has also authored a web security book for Addison-Wesley entitled Preventing Web Attacks with Apache. Twitter: @ryancbarnett

Yuval Ben-Itzhak
Yuval Ben-Itzhak is a 15-year technology veteran and the former CTO and founder of KaVaDo Inc. Prior to KaVaDo, Ben-Itzhak was CTO at Ness Technologies (NASDAQ: NSTC), a global provider of end-to-end IT solutions and services. As a senior project manager at Intel Corp. (NASDAQ: INTC), Ben-Itzhak was in charge of the design and development of worldwide software projects in communications and information systems. He began his professional career as a member of an elite R&D intelligence unit of the Israeli Defense Forces, where he was responsible for the design and development of security systems for mission-critical projects. Ben-Itzhak earned a BSc. in Information Systems and Engineering, cum laude. Ben-Itzhak was selected as an honored recipient of InfoWorld's 2004 Most Influential CTO award.

Erik Caso
Erik is Vice President of Product Development and Marketing at NT OBJECTives, where he is responsible for driving the company's marketing and product development initiatives. Mr. Caso brings an extensive background in business strategy, product and business development to NT OBJECTives. Prior to NT OBJECTives, Mr. Caso worked at Foundstone, where as Product Manager he led that company's flagship product, FoundScan, from a first generation technology to a third generation market leader. During this time he was instrumental in building product, sales and marketing strategies for the company. Prior to Foundstone, Erik led product and business strategies for companies such as Epoch Internet and The Boeing Company. Mr. Caso is an advisor to numerous industry groups and vendors. He holds degrees in business and economics from Cal Poly San Luis Obispo.

Matthieu Estrade
Matthieu is currently in charge of product management at Beeware. In 2001 he designed and developed one of the first European web application firewalls for the French company Axiliance, which was acquired by Beeware in 2005. He is involved in several open source projects and has been a committer on the Apache HTTPd project since 2003, after working on several modules and patches for Apache 2.0. Matthieu has contributed to various WASC projects, including WAFEC, WASSEC, and peer review for the WASC Articles project. He is also a member of the OWASP French chapter.

Jeremiah Grossman
Jeremiah Grossman is the founder and Chief Technology Officer of WhiteHat Security (http://www.whitehatsec.com), where he is responsible for web application security R&D and industry evangelism. As a 7-year industry veteran and world-renowned security expert, Mr. Grossman is a frequent conference speaker at the Blackhat Briefings, ISSA, ISACA, NASA, and many other industry events. Mr. Grossman's research, writings, and discoveries have been featured in USA Today, VAR Business, NBC, ZDNet, eWeek, etc. Mr. Grossman is also a founder of the Web Application Security Consortium (WASC), as well as a contributing member of the Center for Internet Security Apache Benchmark Group. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!, responsible for performing security reviews on the company's hundreds of web applications.

Romain Gaucher
Mr. Gaucher is a security consultant at Cigital, Inc. He has been part of the Software Assurance Metrics and Tool Evaluation (SAMATE) project at the National Institute of Standards and Technology (NIST), where he co-organized and ran the NIST Static Analysis Tool Exposition 2008. He also co-authored the Web Application Security Scanner specification 1.0 and papers on software assurance. Prior to his transition to software assurance at NIST, he worked in graph theory and data mining at the Group for Research in Decision Analysis (GERAD), Canada. Romain leads the WASC Script Mapping project, contributes to WASSEC, and is a board member of OWASP France. Romain holds an M.Sc. in applied mathematics and computer science from ISIMA College of Engineering in Computer Science, Clermont-Ferrand, France.

Sergey V. Gordeychik
Sergey V. Gordeychik is head of the consultancy and audit department of Positive Technologies, where he is responsible for R&D in compliance management and application security. Sergey has 12+ years of experience in software development, security management, penetration testing, application security and compliance management. Mr. Gordeychik is the author of the "Wireless Security", "Web-applications security assessment" and "Securing Microsoft Windows-based Enterprise" training courses at the Security Training Centre Informzaschita. He is a regular author for "Windows IT Pro/RE" magazine, SecurityLab.ru and other publications, and a frequent speaker at industry events including Infosecurity Russia and RusCrypto.

Amit Klein
Amit Klein is the chief scientist of a security company and has over 13 years of experience in information security research. From its inception in late 1997 until its acquisition by Watchfire in mid-2004, Amit did web application security research for Sanctum; his last position there was director of security and research. Amit has published numerous innovative papers and advisories on web application security, and his writing has appeared in publications such as Dr. Dobb's Journal and SC Magazine. Amit has also lectured at conferences such as CERT and FM'99. Prior to Sanctum, Amit was a software project manager and technological leader, and before that a mathematics researcher and research manager. Amit holds a B.Sc. (cum laude) in mathematics and physics from the Hebrew University of Jerusalem, Israel.

Aaron C. Newman
Aaron C. Newman is co-founder and Chief Technology Officer of Application Security, Inc. (AppSecInc). Widely regarded as one of the world's foremost database security experts, Aaron is the co-author of the Oracle Security Handbook, published by Oracle Press. Aaron has delivered presentations on application security to organizations around the world and has written numerous white papers and articles on the subject. Aaron also holds several patents in database encryption, intrusion detection, and auditing.

Steve Orrin
Steve Orrin is Director of XPD Security for Intel Corp., where he is responsible for XML and Web Services security strategy and product direction. Steve joined Intel as part of the acquisition of Sarvega, Inc., where he was CSO. Steve was formerly Vice President of Security Solutions for Watchfire, Inc. He was previously CTO of Sanctum, a pioneer in web application security testing and firewall software, and came to Watchfire through its acquisition of Sanctum. Prior to joining Sanctum, Steve was CTO and co-founder of LockStar, Inc., which provided enterprises with the means to secure and XML/Web Service-enable legacy and enterprise applications for e-business. Orrin joined LockStar from SynData Technologies, Inc., where he was CTO and chief architect of their desktop e-mail and file security product. A recognized expert and frequent lecturer on enterprise security, he has developed several patent-pending technologies covering user authentication, secure data access and steganography, and holds one issued patent in steganography. Orrin holds an honors degree in research biology from Kean University and is published in several scientific and medical journals. Orrin is a member of the Network and Systems Professionals Association (NaSPA), the Computer Security Institute (CSI) and the Software Engineering Institute (SEI), and is a co-founder of the Web Application Security Consortium (WASC). He participates in several IETF and OASIS working groups.

Bill Pennington
Mr. Pennington joined WhiteHat Security, Inc. in November 2002. He has 8 years of professional experience in information security and eleven in information technology. His duties at WhiteHat include management of research and development, guidance of product and technology direction, managing web application assessment teams, and developing and delivering WhiteHat Security training. Mr. Pennington has performed web application assessments for over six years in a variety of industry verticals, including financial services, e-commerce, and biotechnology. He is a Certified Information Security Systems Practitioner (CISSP) and Certified Cisco Network Administrator (CCNA). He has broad experience in web application security, penetration testing, computer forensics and intrusion detection systems. Prior to joining WhiteHat, Bill was a principal consultant and technical lead for assessment services at Guardent, a nationwide security services provider. Mr. Pennington has contributed several chapters to "Hacker's Challenge: Test Your Incident Response Skills Using 20 Scenarios" and is an author of "Hackers Challenge 2". He has spoken at numerous industry events, including BlackHat Windows 2003, BlackHat 2002, the ISSA LA/Orange County joint conference, and the International Airport Auditors National Meeting 2001.

Ivan Ristic
Ivan Ristic is a web security specialist and the author of mod_security, an open source intrusion detection and prevention engine for web applications. He spends his time designing tools for web application protection and web intrusion detection. Prior to moving to the web application security field, Ivan spent a number of years working as a developer, system architect, and technical director in the software development industry. Ivan wrote Apache Security for O'Reilly, a concise yet comprehensive web security guide for administrators, system architects, and programmers. He is an active participant in the web application security community.

Ory Segal
Ory Segal is director of security research, responsible for researching technologies and recommending strategic directions for Watchfire's security product line. Ory came to Watchfire through the acquisition of Sanctum, a pioneer in web application security testing and firewall solutions. Watchfire provides Online Risk Management software and services to monitor and report on online security, privacy, quality, and compliance risks. At Sanctum, Ory held the positions of product manager and team leader. Prior to Sanctum, Ory was a penetration testing team leader at Avnet, a leading Israeli data-security consulting company. Ory has published several whitepapers and security advisories, participates in industry working groups and is a recognized expert on application and network security. Ory has spoken at numerous security events and is often called upon for his opinions on web application security. Ory holds a B.A. in Computer Science from the Open University of Israel.

Ofer Shezaf
Ofer Shezaf is the CTO of Breach Security Inc., a leading provider of application security solutions, and leads application security research there. In this role Ofer investigates new application security problems and protection technologies. Ofer is active in the web application security community and can be found in most related newsgroups and in projects such as WASC's "Web Application Security Evaluation Criteria" and "Real world Web App Sec examples". Ofer also founded the Israeli chapter of OWASP. Ofer's background is in national information security; he has worked with organizations such as the Israeli National Information Security Agency, the Israeli Intelligence Forces and the Israeli Nuclear Research Center. He specialized in areas such as information warfare, targeted attacks and Internet usage privacy.

Caleb Sima
Caleb Sima is the co-founder and chief technology officer of SPI Dynamics, the expert in web application security. Caleb is responsible for directing the lifecycle of the company's web application security solutions and is the director of the SPI Labs R&D team within SPI Dynamics. Caleb has been engaged in the Internet security arena since 1996 and has become widely recognized as an expert in penetration testing and in identifying emerging security threats. Prior to co-founding SPI Dynamics in early 2000, Caleb worked for Internet Security Systems' elite X-Force R&D team and as a security engineer for S1 Corporation. Caleb is a frequent speaker and an expert resource for the press on Internet attacks. He is a member of ISSA, one of the founding visionaries of the Application Vulnerability Description Language (AVDL) standard within OASIS, and a founding member of the Web Application Security Consortium (WASC).