News & Events

Our involvement within the security community

AppSec DC 2009: The OWASP Conference

Held in the Washington D.C. convention center, AppSec will be the largest application security conference ever held in the Washington DC area. Piscis Founder Matt Fisher spoke at the first OWASP conference in Gaithersburg, MD in 2005, and he's proud to be continuing the tradition by speaking again in 2009 on assessments that go beyond scanner monkeys.

Remember: monkeys are great for helping you with your glasses, or putting a DVD in the player for you. At one restaurant in Japan, they can even bring sake to your table, but they aren't an assessment program.

Washington D.C. OWASP

August 20, 2008

"The Big Picture": perspectives on the shortcomings of scan-centric assessments. This talk highlights technical shortcomings in common web application assessment practices and proposes a more comprehensive approach.

DojoSec: Beyond Scanning.

August 6th 2009

By request, we are giving our "Beyond Scanning" talk to the DoD and commercial community that attends the DojoSec briefings in Maryland. Going beyond vulnerability talk, this presentation on the importance of methodology and cognitive assessments beyond the brain-dead application of redundant scanning is becoming increasingly popular as the market wakes up to the shortcomings of a "spray and pray" assessment approach.

Defense Cyber Crime Conference

Wednesday January 28, 2009

Back for their fourth year speaking at this Department of Defense oriented conference, Piscis will present the later version of "The Big Picture." This talk is an unabashed look at the role and limitations of automated technologies in a complete web risk assessment by an industry pioneer and veteran. Whereas once a good web scanner could be thought of as the sum total of a strong web application security program, now it's only the beginning. We will look at a broader picture of web risks and their associated threats, and what assessment techniques and technologies can be applied to them.

LifeCycle Security Conference

Friday August 7th 2008, Las Vegas (following the BlackHat international hacking conference)

"The Big Picture: Web Risks and Assessments Beyond Automation" will focus on the need to risk and threat model software and pick appropriate people, tools, and testing techniques to test against the threat model. In today's resource-constrained market, many organizations are simply turning to automation to test their software security without truly understanding the limitations. This talk will discuss some of the broader threat cases, testing techniques for them, and whether current state-of-the-industry technology is effective against them.