About Ofer Shezaf
My name is Ofer Shezaf, and I have been part of the information security industry for the last 20 years or so, most of them creating new security products.
While I have designed and implemented different information security solutions, I am mostly known as an application security expert. I have spent many years at Breach Security, a WAF vendor, first as CTO, in charge of security research and innovation, and later on as VP of product management. I am also passionate about the application security open source community, having founded the OWASP Israeli chapter and contributed to the ModSecurity open source WAF project.
I am currently a product manager for security solutions at HP ArcSight, though this site reflects only my own ideas and thoughts and not HP's.
Open source initiatives
I am a firm believer in open source and its value to the community and try to find the time to contribute to the community:
- I lead the Web Application Firewalls Evaluation Criteria (WAFEC)
- I created the 1st version of the ModSecurity Core Rule Set (CRS), a unique open source application layer signatures set.
- I started the Web Hacking Incidents Database project (WHID).
- I founded the Israeli OWASP chapter and still serve as a board member.
Special thanks to Ryan Barnett (CRS, WHID) and Ofer Maor (OWASP) for faithfully continuing the work I have started on those projects.
Talks and Publications
I had the opportunity to present a large number of topics in conferences, webinars and papers:
- Can Correlations Protect Web Applications? - OWASP AppSec EU 2012, HP Protect 2012
- Pen-testing RESTful Web Services (video) - OWASP Israel 2011, Source Barcelona 2011, Source Seattle 2012
- Google Apps Security (video) - IGT Cloud Security 2012, OWASP meetup
- HTML5 Security: Why Should You Care? (Webcast) - BrightTALK Webinars 2011
- Analysis Of The Web Hacking Incident Database (video) - OWASP AppSec US 2008
- WAFs in the cloud - OWASP meetup