Ferruh Mavituna is the Founder and CEO of Netsparker and Product Manager of its accolade-collecting web application security scanner. His professional obsessions lie in web application security research, automated vulnerability detection and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cyber-security conferences and on podcasts. Exuberant at the possibilities open to enterprises by the deployment of automation, Ferruh is keen to demonstrate what can be achieved when this is combined with Netsparker's dead accurate, proof-based scanning engine.
Born in 1983 in Istanbul, Turkey, his curiosity was piqued at the age of 12 when his father bought a Commodore 64. He began developing with the help of computer magazines until he convinced his father to buy a real computer. Discovering the internet was the turning point in his life. Later, though Ferruh graduated from The Technical Senior School of Anatolia, he had no desire to pursue academia and began working.
By the end of the 90s, he was working as a graphic designer and web developer. But, because no-one knew how to, he also taught himself how to code on his own project. Even though he loved it, his main interest in web security began with a random phone call when a friend asked him if he knew about “hacking”. By 2003, he'd started working as a penetration tester and trainer, providing consultancy on web security. And, even though there was no such thing in Turkey at the time, the following year he founded the country's first web security company. Unfortunately, it failed within a year.
A chance opportunity to work with Europe’s biggest security company as a penetration tester prompted Ferruh's move to the UK in 2006. Even though his English language skills were limited due to a lack of practice, his technical skills were highly valued. Soon, he was devoting entire days to manually verifying the results of automated web security scans and weeding out false positives.
It was the exasperation that arose from this manual effort that became the impetus for his determination to craft an end-to-end solution – one that would eliminate the heavy lifting previously required to verify scan results. Netsparker was released commercially in 2009, ripping apart the rule-book with its unique Proof-Based Scanning technology. In 2013, and several subsequent years, Netsparker was rated independently by Shay Chen in the Web Application Security Scanner (DAST) Benchmark as the best web application security scanner on the market and the only one that identified all vulnerabilities.
With his eye on the increasing number of web applications developed and managed by enterprises and the need for scalability, Ferruh oversaw the release of the enterprise edition, Netsparker Enterprise, in 2015. More recently, in 2018, Netsparker raised $40M in financing led by Turn/River Capital. And in the same year, Netsparker was awarded the prestigious Queen's Award for Enterprise in the International Trade category.
Yet it is not only investment size or awards that mark the milestones in Ferruh's journey, but the calibre of Netsparker's clients, including giants such as Samsung, NASA, DELL, Vodafone, the US Department of Homeland Security, ING Bank, KPMG, Deloitte, PWC, and Ernst & Young.
Looking to the future, Ferruh insists that since many companies now manage several thousand websites, the need for automation is more obvious. His palpable enthusiasm drives a geographically dispersed and multi-cultural, but tightly integrated team – one that is motivated not only by his business achievements but by his commitment to challenging the status quo.
Many organizations have thousands of web applications but almost none of them have a scalable program to be in control of their web security posture. This presentation will explain what key components a good web application security program needs and how you can build or improve your application security program.
Having spent more than a decade securing web applications, we’ve seen organizational and technological challenges. Based on our success and learning over a decade, we built a straightforward, actionable and result-oriented program that will make your organization measurably more secure within 3 months.