KEYNOTE SPEAKER: John Viega (Chief Security Architect, McAfee Inc.)

Filed under: Main Page — Administrator @ 2:42 pm

February 22, 2006

Presentation Title: What application security tools vendors don’t want you to know and holes they will never find!

Presentation Abstract

Software and application security is a hard nut to crack. Traditional network and operating system assessment and protection tools can be taught to look for repeatable conditions with reasonable results. However (and despite heavy marketing suggesting otherwise), application protection and assessment tools suffer from a significantly different order of problem. In this talk John Viega and Mark Curphey will systematically discuss and demonstrate the limitations of automated protection and assessment tools using live working examples. The talk will focus on code review tools, web application scanners and web application firewalls.

About John Viega

John is the co-author of three books on application security, Building Secure Software (Addison Wesley, 2001), Network Security with OpenSSL (O’Reilly, 2002) and the Secure Programming Cookbook (O’Reilly, 2003). He also built the CLASP application security process, which is available on-line. John’s research areas have included application security, cryptography, programming languages and usability. He co-developed GCM, a mode of operation for block ciphers such as AES that has been incorporated into IPSec and the 802.1AE draft document, and is currently being standardized by NIST. Despite being cautious about embracing the open source security theory, John has been involved in many open source projects. He was the original author of the Mailman mailing list manager, and has been author or co-author of many other free projects, including RATS, SafeStr, XXL and ITS4.

Note: John will be presenting this keynote with Mark Curphey (Vice President, Foundstone Professional Services - A division of McAfee Inc.)

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner

Internet Bandwidth Sponsor

AIMS - Malaysia's Telecommunications Hub

Official Hotel

Westin Kuala Lumpur

CTF Sponsor


CTF Prize Sponsor

Scan Associates Berhad.

Our Speakers Are Supported By:

Bellua Asia Pacific

Core Security Technologies

Media Partners:

InfoSec News

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


ISECOM - Institute for Security and Open Methodologies

IT Underground

Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore