whitehatsec

NCA Security & Technology Conference '08

Technology Answers to Business Initiatives

Mythbusting Web Application Security

While Web Application Security is still a relatively new field, the industry has amassed a large collection of sacred cows and myths that have been accepted as fact. Why are these assertions rarely questioned? We will tackle these myths head-on, examine their
origins and evaluate their validity. We will then take a look at the current state of the industry, including why it is failing to meet customer needs and how the combination of assessments and web application firewalls is solving real-world customer issues today.

About WhiteHat Security:
WhiteHat Security was founded in August 2001 by a team led by Jeremiah Grossman, a security industry veteran and former Yahoo! information security officer. Jeremiah founded the company to provide a comprehensive solution to the growing problem of website security. The company is privately held and headquartered in Santa Clara, California, with a sales office in Austin,
Texas and New York, New York.

What We Do
WhiteHat Security is a leading provider of website security services. WhiteHat develops comprehensive, easy-to-use, cost-effective solutions that enable companies to secure valuable customer data, meet federal compliance standards, and maintain customer confidence.

Bill Pennington, Vice President, Services, WhiteHat Security

Mr. Pennington joined WhiteHat Security, Inc. in November 2002. He has six years of professional experience in information security and eleven in information technology. His duties at WhiteHat include management of research and development, guidance of product and technology direction, managing website assessment teams, and developing and delivering WhiteHat Security training. Mr. Pennington has performed website assessments for over four years in a variety of industry verticals including financial services, e-commerce, and biotechnology. He is familiar with Mac OS X, Linux, Solaris, Windows, and OpenBSD, and is a Certified Information Security Systems Practitioner (CISSP) and Certified Cisco Network Administrator (CCNA). He has broad experience in website security, penetration testing, computer forensics and in intrusion detection systems. Prior to joining WhiteHat, Bill was a principal consultant and technical lead for assessment services at Guardent, a nationwide security services provider.

Mr. Pennington has contributed several chapters to "Hacker's Challenge: Test Your Incident Response Skills Using 20 Scenarios" and is an author of "Hackers Challenge 2". He has spoken at numerous industry events including BlackHat Windows 2003, BlackHat 2002, ISSA LA/Orange County joint conference, and the International Airport Auditors National Meeting 2001.