Jeremiah Grossman, founder and CTO of WhiteHat Security, discusses his presentation titled “Four Years and Four Thousand Websites: What Have We Learned about Hacking Websites” at the Hacker Halted Conference in Miami.
Jeremiah is considered a world-renowned expert in Web security, co-founder of the Web Application Security Consortium, and recently named to InfoWorld’s Top 25 CTOs for 2007.
He is a frequent speaker at industry events including the BlackHat Briefings, ISACA, CSI, OWASP, Vanguard, ISSA, Defcon, etc., has authored dozens of articles and white papers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is co-author of XSS Attacks.
Jeremiah is frequently quoted in major media publications such as InfoWorld, USA Today, PCWorld, Dark Reading, SC Magazine, SecurityFocus, C-Net, CSO, and InformationWeek. Prior to WhiteHat he was an information security officer at Yahoo!
“Citigroup, Sony, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common – all have had websites compromised in the last year. No company or industry is immune.”
“It doesn’t matter if a business is in financial services, retail, education, gaming, social networking, government, telecom, media or travel. Daily headlines tell the stories of millions of lost credit-card numbers, millions of personal information records exposed, and gigabytes worth of intellectual property stolen.”
“The net result – corporate losses in the hundreds of millions, sharp stock price declines, lawsuits, fines and costly downtime. All signs point to a worsening problem, but the big question is, what can be done about it?”
“Over the last 10 years WhiteHat Security has performed vulnerability assessments for hundreds of organizations on over 4,000 of the Internet’s most important websites — identifying the very same issues the bad guys routinely exploit. There is a tremendous amount to be learned from this volume of data.”
“For example, by comparing the characteristics of highly secure websites versus the highly vulnerable we can identify the business practices that work best.”
“Fundamentally the answer to the software security question can be found through metrics. By carefully tracking and analyzing metrics, very particular key performance indicators (KPIs), an organization can determine where resources would be best invested.”
Infosec Island was proud to be a media sponsor for the Hacker Halted Miami event.