
KEYNOTE SPEAKER: Mark Curphey (Vice President, Foundstone Professional Services - A division of McAfee Inc.)

Filed under: Main Page — Administrator @ 2:22 pm

February 22, 2006

Presentation Title: What application security tools vendors don’t want you to know and holes they will never find!

Presentation Abstract

Software and application security is a hard nut to crack. Traditional network and operating system assessment and protection tools can be taught to look for repeatable conditions with reasonable results. However (and despite heavy marketing suggesting otherwise), application protection and assessment tools suffer from a significantly different order of problem. In this talk John Viega and Mark Curphey will systematically discuss and demonstrate the limitations of automated protection and assessment tools using live working examples. The talk will focus on code review tools, web application scanners and web application firewalls.

About Mark Curphey

Mark Curphey is the Vice President of Consulting at Foundstone and responsible for the global services team. Recognized for his work in the software security field, Mark was the Director of Information Security at Charles Schwab (a large US-based financial services company) where he was responsible for creating and managing the global application security program when software security wasn’t yet on most companies’ radars. Mark founded OWASP, the Open Web Application Security Project, which has become a well thought of reference site for developers and system architects and recommended reading by the US Federal Trade Committee. He has a Master’s Degree in Information Security from the renowned Royal Holloway, University of London, where he specialized in advanced cryptography. Mark is a Microsoft MVP for developer security.

In his words “I am passionate about software security; and I am passionate about preventing this industry spinning out of control with marketing and hype. This will definitely not be your average presentation with bullet pointed slides and the same old message regurgitated! Come prepared!”

Note: Mark will be presenting this keynote with John Viega (Chief Security Architect, McAfee Inc.)

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner

Internet Bandwidth Sponsor

AIMS - Malaysia's Telecommunications Hub

Official Hotel

Westin Kuala Lumpur

CTF Sponsor


CTF Prize Sponsor

Scan Associates Berhad.

Our Speakers Are Supported By:

Bellua Asia Pacific

Core Security Technologies

Media Partners:

InfoSec News (ISN)

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


ISECOM - Institute for Security and Open Methodologies

IT Underground

Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore