[OWASP-Malaysia] Improving Application Security Assurance with OWASP ASVS - MOSC2011

Harisfazillah Jamel linuxmalaysia at gmail.com
Thu Jun 2 07:31:18 EDT 2011


Improving Application Security Assurance with OWASP ASVS - MOSC2011

The primary aim of the OWASP Application Security Verification
Standard (ASVS) Project is to normalize the range in the coverage and
level of rigour available in the market when it comes to performing
Web application security verification using a commercially-workable
open standard. The standard provides a basis for testing application
technical security controls, as well as any technical security
controls in the environment, that are relied on to protect against
vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection.
This standard can be used to establish a level of confidence in the
security of Web applications.

During the presentation, Cecil will show how the ToV (Target of
Verification) can be applied in real life cases.

MOSC2011 Speaker : Cecil Su

4th July 2011 11.30am
Track 2 Developer & OSS Community

Cecil is the Director for Grant Thornton Technology Advisory Pte Ltd,
a member firm of Foo Kon Tan Grant Thornton LLP, one of the largest
auditing firms outside the Big4. As head of the Technology Advisory
unit, he leads various engagement teams on diversified projects across
vertical industries. His area of focus is in IT Assurance, IT Security
Advisory and Digital Forensics.

Cecil has had diverse opportunities outside of work, offering his time
for various IT Security initiatives. Aside from being a committee member
of the OWASP Global Education Committee, he has also contributed to
the widely-used OWASP Testing Guide, and coordinated efforts for the
internationalization of Asian languages of OWASP materials. Cecil is
also the current Chapter Lead for the Singapore Honeynet Project, an
ExCo member for the Association of Information Security Professionals
(AISP) for 2009/2010/2011, and a founding member of the Singapore
Cloud Forum.

He holds a Bachelor of Science (Hons) in Computing Information Systems
from Goldsmiths College, University of London. Besides being a
practicing ISO/IEC 27001:2005 Lead Auditor, he also holds
certifications from CISSP, CISA, CISM, CRISC, OPST, OCP DBA, PCI QSA
and CNE.

Malaysia Open Source Conference 2011 (MOSC2011)

http://www.mosc.my/

Archive

http://blog.mosc.my/2011/06/improving-application-security.html




-- 
Malaysia Open Source Software Conference 2011
MOSC2011 http://www.mosc.my/

Milking the Cloud Competition for MOSC2011
http://www.mosc.my/articles/item/7-milking-the-cloud-competition-for-mosc2011

LinuxMalaysia Network
http://www.facebook.com/Bukan.Sekadar.Internet.Sahaja

Harisfazillah Jamel

