2011 Talks

4 Years and 4 Thousand Websites Worth of Vulnerability Assessments: What Have We Learned?

Citigroup, Sony, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune. It doesn't matter if a business is in financial services, retail, education, gaming, social networking, government, telecom, media or travel. Daily headlines tell the stories of millions of lost credit-card numbers, millions of personal information records exposed, and gigabytes worth of intellectual property stolen. The net result – corporate losses in the hundreds of millions, sharp stock price declines, lawsuits, fines and costly downtime. All signs point to a worsening problem, but the big question is, "what can be done about it?"

Over the last 10 years WhiteHat Security has performed vulnerability assessments for hundreds of organizations on over 4,000 of the Internet's most important websites -- identifying the very same issues the bad guys routinely exploit. There is a tremendous amount to be learned from this volume of data. For example, by comparing the characteristic of highly secure websites versus the highly vulnerable we can identify the business practices that work best. Fundamentally, the answer to the software security question can be found through metrics. By carefully tracking and analyzing metrics, very particular key performance indicators (KPIs), an organization can determine where resources would be best invested.

Speaker: Jeremiah Grossman

 Jeremiah Grossman is the Founder and Chief Technology Officer of WhiteHat Security, where he is responsible for Web security R&D and industry evangelism. Mr. Grossman has written dozens of articles, white papers, and is a published author. His work has been featured in the Wall Street Journal, NY Times and many other mainstream media outlets.

As a well-known security expert and industry veteran, Mr. Grossman has been a guest speaker on five continents at hundreds of events including BlackHat Briefings, RSA, SANS, and others. He has been invited to guest lecture at top universities such as UC Berkeley, Stanford, Harvard, UoW Madison, and UCLA. Mr. Grossman is also a co-founder of the Web Application Security Consortium (WASC) and previously named one of InfoWorld's Top 25 CTOs. He serves on the advisory board of two hot start-ups, Risk I/O and SD Elements. Before founding WhiteHat, Mr. Grossman was an information security officer at Yahoo!


Windows Kernel Vulnerability Research and Exploitation Windows Kernel Vulnerability Research and Exploitation
JBoss Security: Penetration, Protection, and Patching JBoss Security: Penetration, Protection, and Patching