Pete Herzog, Founder of ISECOM, will be discussing the revised Open Source Security Testing Methodology Manual (OSSTMM v3) and how it applies to web application security today (10-13-2010) in Raleigh, NC.Pete rarely gets to the US, so this is a unique opportunity for security professionals to have an open discussion with him about trust-based security models and how to apply sound logic to securing and testing web applications.\u201cAbout 5 years ago, while searching for any existing methodologies, I stumbled across ISECOM and the Open Source Security Testing Methodology Manual. It changed the way my company and I engaged with clients at every angle,\u201d Michael Menefee of WireHead Security recently wrote.\u201cAs a security consultant, I\u2019ve always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client\u2019s network or business,\u201d Menefee stated. \u201cThis would, of course, require both a data collection methodology as well as a reporting methodology in order to work properly.\u201dThe OSSTMM is a peer-reviewed methodology for performing security tests and metrics, and the test cases are divided into five channels (sections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.On the origins of the OSSTMM, Pete Herzog wrote that, \u201cin the research for factual security metrics, factual trust metrics and reliable, repeatable ways for verifying security, including concretely defining security, we found that the practice of guessing forecasting risk was not only non-factual but also backwards. Risk stuck us into a never-ending game of cat and mouse with the threats.\u201d\u201cBeginning with version 3, the OSSTMM is no longer just about security testing. The break-throughs we\u2019ve had in security had us re-visit how we work with security. This includes risk assessments.\u201dChristoph Baumgartner, CEO of OneConsult GmbH in Switzerland \u2013 whose firm has been using the OSSTMM methodology since its inception \u2013 recently commented on the value proposition the methodology standard offers, stating that, \u201cthe most important aspect is that we have an easier time keeping our clients. Most of the companies and organizations which order security audits on a regularly basis are fairly well organized and have a strong interest in gaining and keeping an adequate level of security.\u201d\u201cHaving the attack surface metrics, the ravs, means that they can watch trends and keep a close eye on how changes in operations affect their security directly. I can definitely confirm that many of our clients who have to change the supplier for security policy reasons expect their future suppliers to apply the OSSTMM.\u201dOSSTMM was developed by the Institute for Security and Open Methodologies (ISECOM), a non-profit collaborative community established in January 2001.ISECOM is dedicated to providing practical security awareness, research, certification and project support services for non-partisan and vendor-neutral projects to assure their training programs, standards, and best practices are truly neutral of national or commercial influence.