Improving Application Security Assurance with OWASP ASVS - MOSC2011
The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigour available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications.
During the presentation, Cecil will show how the ToV (Target of Verification) can be applied in real-life cases.
MOSC2011 Speaker: Cecil Su
4th July 2011 11.30am
Track 2 Developer & OSS Community
Cecil is the Director for Grant Thornton Technology Advisory Pte Ltd, a member firm of Foo Kon Tan Grant Thornton LLP, one of the largest auditing firms outside the Big4. As head of the Technology Advisory unit, he leads various engagement teams on diversified projects across vertical industries. His areas of focus are IT Assurance, IT Security Advisory and Digital Forensics.
Cecil has had diverse opportunities outside of work to offer his time to various IT Security initiatives. Aside from being a member of the OWASP Global Education Committee, he has also contributed to the widely used OWASP Testing Guide and coordinated efforts to internationalize OWASP materials into Asian languages. Cecil is also the current Chapter Lead for the Singapore Honeynet Project, an ExCo member for the Association of Information Security Professionals (AISP) for 2009/2010/2011, and a founding member of the Singapore Cloud Forum.
He holds a Bachelor of Science (Hons) in Computing Information Systems from Goldsmiths College, University of London. Besides being a practicing ISO/IEC 27001:2005 Lead Auditor, he also holds the CISSP, CISA, CISM, CRISC, OPST, OCP DBA, PCI QSA and CNE certifications.
Malaysia Open Source Conference 2011 (MOSC2011)