The Big Picture: Web Risks and Assessments Beyond Scanning

The presentation
This talk is an unabashed look at the role and limitations of automated technologies in a complete web risk assessment by an industry pioneer and veteran. Whereas once a good web scanner could be thought of at the sum total of a strong web application security program, now it's only the beginning. We will look at a broader picture of web risks and their associated threats, and what assessment techniques and technologies can be applied to them.

The speaker
Matthew Fisher was the first Security Engineer hired by an industry leading application security company that was acquired by Hewlett-Packard in 2007. Shortly thereafter he left HP to form Piscis; an emergent boutique of veterans focused squarely on the art and science of application security. As a pioneer and industry leader, Matt has several original vulnerabilities, exploit and testing techniques to his name, and is an accomplished writer and speaker, having presented at ShmooCon, ToorCon, Gartner, CSI, ReBl, DoD Cybercrime, and many others. He can be contacted at info @ Piscis-security.com