John Steven
Security Expert & Architect @ Cigital
John Steven is the Senior Director, Advanced Technology Consulting at Cigital, Inc. His experience includes research in static code analysis and hands-on architecture and implementation of high-performance, scalable Java EE systems. John has provided security consulting services to a broad variety of commercial clients including two of the largest trading platforms in the world and has advised America’s largest internet provider in the Midwest on security and forensics.
John led the development of Cigital’s architectural analysis methodology and its approach to deploying enterprise software security frameworks. He has demonstrated success in building Cigital’s intellectual property for providing cutting-edge security. He brings this experience and a track record of effective strategic innovation to clients seeking to change, whether to adopt more cutting-edge approaches, or to solidify ROI. John has served on numerous conference panels regarding software security, wireless security and Java EE system development. He holds a B.S. in Computer Engineering and an M.S. in Computer Science from Case Western Reserve University.
Presentations
Dynamic Security Testing
Organizations have struggled to understand the place of dynamic security testing techniques, and their use of penetration testing tools has suffered setbacks as a result. Likewise, as these same organizations turn to static analysis tools, they find themselves struggling to decide who should run the tool and what kinds of vulnerabilities the tool will find for them. Finally, organizations lament the lack of depth or scale associated with their manual security analyses.
This presentation will show how recent approaches to holistic application assessment at Cigital have overcome the limitations of existing tools by combining industry-best scanning tools and open source technologies for continuous integration. This combination, in turn, lets the security benefit of scanning tools be seen closer to the point when vulnerabilities are introduced (and can be fixed) and allows the tools to be applied more frequently.