"What I hear, I forget. What I see, I remember. What I do, I understand. - Kung Fu Tzu (Confucius)"

News
2011 Toolsmith Tool of the Year: OWASP ZAP
The 2011 Toolsmith Tool of the Year is OWASP ZAP!
Congratulations to the OWASP ZAP team!
I ask that those of you with the wherewithal and resources to do so please visit the project page and donate in any capacity you can.
Congratulations and thank you to all participants this year and I look forward to a strong 2012.

2012 Toolsmith Tool of the Year: ModSecurity for IIS
The 2012 Toolsmith Tool of the Year is ModSecurity for IIS!
Congratulations to the ModSecurity for IIS team!
I ask that those of you with the wherewithal and resources to do so please visit the project page and donate in any capacity you can.
Congratulations and thank you to all participants this year and I look forward to a strong 2013.

Presented OWASP Top 10 Tools and Tactics at SecureWorld Expo Seattle

ISSA International Conference OWASP

 

Russ presented OWASP Top 10 Tools and Tactics at SecureWorld Expo Seattle in Bellevue, WA on Thursday, November 17, 2011 at 8:30 AM.

 

If you’ve spent any time defending web applications as a security analyst, or perhaps as a developer seeking to adhere to SDLC practices, you have likely utilized or referenced the OWASP Top 10. Intended first as an awareness mechanism, the Top 10 covers the most critical web application security flaws via consensus reached by a global consortium of application security experts. The OWASP Top 10 promotes managing risk in addition to awareness training, application testing, and remediation. To manage such risk, application security practitioners and developers need an appropriate tool kit. This presentation will explore tooling, tactics, analysis, and mitigation.


Presented Evil Through the Lens of Web Logs at RSA 2012

RSA

Russ presented Evil Through the Lens of Web Logs at RSA 2012 on March 2, 2012, at 11:20 am.

Web logs can be analyzed with specific attention to Internet Background Radiation (IBR). Two bands of the IBR spectrum include scanning and misconfiguration where details about attacker and victim patterns are readily available. Via web application specific examples this discussion will analyze attacks exhibiting traits, trends, and tendencies from the attacker and victim perspectives.


RSA Conference 2012 Video: Evil Through The Lens of Web Logs

A video recording of Russ' RSA Conference 2012 presentation, Evil Through The Lens of Web Logs, is available on YouTube. This is a short version, intended to be TED-like, of an hour long presentation. The slide deck for the full presentation is available here.

Web logs can be analyzed with specific attention to Internet Background Radiation (IBR). Two bands of the IBR spectrum include scanning and misconfiguration where details about attacker and victim patterns are readily available. Via web application specific examples this discussion will analyze attacks exhibiting traits, trends, and tendencies from the attacker and victim perspectives.
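The two abstracts above (the RSA 2012 talk and its video) describe separating Internet Background Radiation in web logs into a scanning band and a misconfiguration band. The following is an added example, not code from the talk or from this site, that shows one way a defender might do that first cut over Apache combined-format log lines. The log lines are constructed for illustration, and the two heuristics are assumptions of this example rather than anything the talk specifies: a source is treated as scanning when it probes several distinct paths and almost all of them return 404, and as misdirected (misconfiguration band) when it sends proxy-style requests, that is, an absolute URI as the request target or a CONNECT method, to a server that is not a proxy.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" format (not real traffic).
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Mar/2012:11:20:01 -0800] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2012:11:20:02 -0800] "GET /pma/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2012:11:20:02 -0800] "GET /myadmin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2012:11:20:03 -0800] "GET /admin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Mar/2012:11:20:03 -0800] "GET /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.9 - - [02/Mar/2012:11:21:10 -0800] "GET http://www.example.net/ HTTP/1.1" 200 3210 "-" "curl/7.21"
198.51.100.9 - - [02/Mar/2012:11:21:11 -0800] "CONNECT mail.example.org:25 HTTP/1.1" 405 0 "-" "-"
192.0.2.44 - - [02/Mar/2012:11:22:00 -0800] "GET /index.html HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
192.0.2.44 - - [02/Mar/2012:11:22:01 -0800] "GET /style.css HTTP/1.1" 200 910 "http://holisticinfosec.org/index.html" "Mozilla/5.0"
"""

# Apache/nginx "combined" log format, captured with named groups.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["status"] = int(entry["status"])
            entries.append(entry)
    return entries


def classify(entries, scan_min_paths=4, scan_min_404_ratio=0.75):
    """Bucket source addresses into the scanning and misconfiguration bands.

    Thresholds are assumptions of this example; tune them against your own
    baseline of legitimate 404 noise (missing favicons, stale links).
    """
    per_ip = defaultdict(lambda: {"total": 0, "not_found": 0,
                                  "paths": set(), "misdirected": []})
    for e in entries:
        stats = per_ip[e["ip"]]
        stats["total"] += 1
        stats["paths"].add(e["target"])
        if e["status"] == 404:
            stats["not_found"] += 1
        # Absolute-URI targets and CONNECT are proxy-style requests; on an
        # origin server they indicate a misconfigured or misdirected client.
        if e["method"] == "CONNECT" or e["target"].lower().startswith(("http://", "https://")):
            stats["misdirected"].append(f'{e["method"]} {e["target"]}')

    scanning, misconfiguration = {}, {}
    for ip, stats in per_ip.items():
        ratio = stats["not_found"] / stats["total"]
        if len(stats["paths"]) >= scan_min_paths and ratio >= scan_min_404_ratio:
            scanning[ip] = {"requests": stats["total"],
                            "not_found_ratio": round(ratio, 2),
                            "probed": sorted(stats["paths"])}
        if stats["misdirected"]:
            misconfiguration[ip] = stats["misdirected"]
    return {"scanning": scanning, "misconfiguration": misconfiguration}


if __name__ == "__main__":
    report = classify(parse_log(SAMPLE_LOG))
    for band, sources in report.items():
        print(f"{band}:")
        for ip, detail in sources.items():
            print(f"  {ip}: {detail}")
```

Run as-is it reports 203.0.113.7 in the scanning band (five distinct probes, all 404) and 198.51.100.9 in the misconfiguration band (an absolute-URI GET and a CONNECT), while the ordinary visitor at 192.0.2.44 lands in neither. The value for a defender is in the separation itself: the scanning band is where attacker tooling and target lists show up, while the misconfiguration band tends to be noise that can be filtered out of alerting or, as in the talk's framing, studied on its own.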