As an application security consultant and vulnerability researcher, Tim has been taking deep technical dives in security for over a decade. In that time, he has been credited with the discovery and responsible disclosure of numerous security vulnerabilities in a variety of software products, including IBM Tivoli Access Manager, Sun Java Runtime Environment, Google Chrome Web Browser, OpenOffice, Oracle WebLogic Application Server, and IBM WebSphere Commerce. His current research interests include applied cryptanalysis, XML external entity attacks, and network timing attacks. Tim develops and maintains several open source forensics tools in addition to Bletchley, an application cryptanalysis toolkit.
Tim works to secure his customers’ environments through black box testing, code reviews, social engineering exercises, security training, and a variety of other services. Previously, Tim worked for a Boston-based security consulting firm as a lead security consultant and researcher. Tim has also worked on security teams at financial services companies and as a software developer. Tim has worked in a variety of roles in the information security field, including incident response, digital forensics, and risk analysis, giving him a broad set of experiences to draw upon. Tim earned his computer science degrees from Harvey Mudd College and Northeastern University and currently resides in Portland, Oregon, where he leads the local OWASP chapter.
Sessions for this user
Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. What does that mean? I will show you the common patterns of injection that occur, what their impact might be, and how to avoid them.