Reflection on Bill Pennington
This week on reflection, we have Bill Pennington from WhiteHat Security. Bill has been involved in web application security for a long time, has performed numerous web application assessments, and is currently involved in research and development at WhiteHat Security. He has spoken at industry events such as Black Hat, ISSA LA and the OWASP Silicon Valley chapter, and has contributed to or co-authored several books.
Bill was involved with OWASP in its early days and is currently a WASC officer. He has a very good sense of humor and is always willing to lend a helping hand. He spends his spare time with his family and kayak fishing. On his reflection, Bill shares with us how he got involved in web application security. In his own words:
“I was around 16 with an Amiga 500 and a modem; I spent a lot of time exploring systems that would answer my modem. I got my first internet access in 1990 on a University of Houston machine and spent a lot of time poking around on systems that would talk to me. My roommate at the time got addicted to a MUD and I got addicted to learning about how the internet worked.
For getting into Web Application Security, I blame Caleb Sima from SPI. I was working at a start-up around 1998 doing all the IT/security/blinky light stuff when Caleb was hired to do an audit by a large company that wanted to use my company’s software. Caleb found a few issues with our web application that got me interested. I had mostly been concerned about firewalls and IDS at that point. I figured if Caleb could do it then I could do it :-) I started auditing our software at that point, found a bunch of stuff Caleb missed ;-), and the rest is history.”
Based out of San Jose, CA, Bill is 36 years old. Below are his contributions to the webappsec community:
Books:-
Contributed several chapters
Hacker's Challenge: Test Your Incident Response Skills Using 20 Scenarios
http://www.amazon.com/Hackers-Challenge-Incident-Response-Scenarios/dp/0072193840
Co-Authored
Hacker's Challenge 2: Test Your Network Security & Forensic Skills
http://www.amazon.com/Hackers-Challenge-Network-Security-Forensic/dp/0072226307/ref=pd_bxgy_b_img_b/104-8852387-4309541
Hacker's Challenge 3
http://www.amazon.com/Hackers-Challenge-3-David-Pollino/dp/0072263040/ref=pd_bxgy_b_img_b/104-8852387-4309541
Presentations/Conferences:-
Challenges of Automated Web Application Scanning - ISSA
http://www.sfbayissa.com/newsletters/SFBAYISSA_2004-01_Newsletter.pdf
The Challenges of Automated Web Application Security – ISACA
http://www.isacala.org/events/mtg0401.html
Latest Attack Trends and Statistics – OWASP San Jose
http://lists.owasp.org/pipermail/owasp-sanjose/2005-September/000029.html
Hacking Web Applications – Blackhat 2003
http://www.blackhat.com/html/win-usa-03/train-bh-win-03-wh.html
Web Application Security - "Reconnaissance, Exploitation, and Investigation" – Blackhat
http://www.blackhat.com/html/win-usa-03/win-usa-03-speakers.html
Taking aim at Web Applications - Blackhat
https://www.blackhat.com/presentations/bh-usa-02/bh-us-02-groves-webapps.ppt
Contributions:-
WASC Threat Classification
http://www.webappsec.org/projects/threat/
WASC Threat Classification Version 2 (under progress)
Memberships:-
WASC Officer
http://www.webappsec.org/officers.shtml#bill_pennington
Company working for:-
WhiteHat Security
Email:-
bill__at__whitehatsec_dot_com
Website:-
http://www.whitehatsec.com/
Companies worked for:-
EDS, RocketCash, Guardent
Bill is a very humble person and is always willing to share his knowledge with others. He mostly works behind the scenes and on a lot of ideas in the labs of WhiteHat Security. Though he doesn’t have a blog yet, I am hoping he will start something soon.
Next Week – Caleb Sima
Last Week – Andrew Van der Stock