User:Fares Alraie

Fares Alraie Software Security Specialist

I’m a Software Security Specialist at a financial institution. For the past two years I have been working on putting together a software security specialist team that handles all types of application security testing. Utilizing my previous experience as a software technical specialist, I have been engaged in reviewing most of the new frameworks and technologies that the enterprise wants to adopt. With a combination of a strong background in the technical world and the security world, I was able to create guidelines and white papers, and to create and deliver workshops and presentations for developers and security personnel that cover the security angle of all the new emerging technologies. I have also been focusing on introducing the 360 view of application security, which involves the following testing:

White box testing (i.e. security source code review)

Black and gray box testing (i.e. pen testing)

I also provide projects with application security expertise to ensure that application design and implementation are secure for people to use on a daily basis. Direct and monitor developers through application security code review to ensure they apply all application security standards within their application development. Provide application security testing services, define the proper test scopes and perform penetration testing on all sorts of applications. Develop training and coach in secure development practices. Review emerging technologies to ensure that they are used in a secure manner.

I have been working in the development world for the past 12 years and then moved on to the application security world. My previous experience in software application development made the transition to application security much easier and helped me understand most of the gaps that we developers face when trying to implement security in our applications.

My goal is to simplify application security for development communities in order to increase the speed of adopting application security in the development life cycle, as well as to change the approach to application security to be more proactive rather than reactive.