SECURITY INNOVATION EXECUTIVE DISCUSSES
DANGEROUS APPLICATION SECURITY VULNERABILITIES AT STP CON
Wilmington, MA - October 1, 2007 - Security Innovation, the
authority on application security and leading independent provider of
risk assessment, risk mitigation and training services, today announced
that John Carmichael, security trainer, will deliver a session on
“The Most Dangerous Application Security Vulnerabilities—and How to Test
for Them” at the Software Test & Performance Conference in Boston on
October 4. In this session, Carmichael will highlight the top security
vulnerabilities and offer practical, how-to tips for testing your
applications with a security mindset.
The most difficult problems of IT security are found at the application
layer, and exploitability of applications due to poor design has reached
epidemic levels. In this session, participants will learn how to:
- Recognize (with examples) how security bugs are different from functional bugs and how to quickly identify symptoms of vulnerabilities;
- Use a fault model to help testers conceptualize security vulnerabilities and recognize the range of threats to an organization’s information assets; and
- Understand the difference between a user or functional tester looking to validate functionality versus the abuser or security tester looking to discover extra functionality to compromise the system.
“The world’s most critical business processes are carried out by
software, so it is essential to mitigate the risks when developing the
applications,” said John Carmichael. “Companies need a clear-cut means
of evaluating their security environments from the perspective of the
vendor and the customer. To design, build and deploy secure
applications, developers must be able to think ahead of software flaws,
know how to test for them and integrate security into each phase of the
application development life cycle. This presentation will offer an
inside view into recognizing, and as a result preventing, software
vulnerabilities, allowing developers to improve their skills for the
benefit of their companies and their customers.”
What: “The Five Most Dangerous Application Security Vulnerabilities—and
How to Test for Them”
When: Thursday, October 4, 2007; 10:30 a.m. EDT
Where: Boston
URL: http://www.stpcon.com/thu_am.htm
About John Carmichael, security trainer, Security Innovation
John Carmichael applies his strong lab development, programming and
security process skills to deliver factual and useful secure software
development training courses to some of the world’s largest
organizations including Adobe, EMC and MassMutual. At Security
Innovation, he is responsible for researching current application
security trends to ensure course content is accurate, relevant and
essential.
Prior to joining Security Innovation, Mr. Carmichael was a systems
analyst, who led various Web development labs and product training for
both technical and non-technical audiences. He is a skilled software and
Web developer with deep expertise in several different languages and
environments. Mr. Carmichael has also made many contributions to the
open source software community by developing an open source structured
drawing tool implemented in Python, testing several release candidates
of the Sarge installer for the Debian Linux distribution, and writing a
soon-to-be-released Windows OS crash analyzer product. He also maintains
a blog with CSO Magazine.
Mr. Carmichael earned his B.S. degree in Computer Science and Business
Administration from the University of Vermont and is currently working
toward an M.S. degree in Computer Information System Security from
Boston University.
Contacts
Davida Dinerman or Nicole Glidden
Schwartz Communications, Inc.
(781) 684-0770
sisecure@schwartz-pr.com



