Toronto, Canada

Opheliar Chan

Opheliar is a principal security consultant at Security Compass, where she provides expert application security advisory and testing services. She has formerly done security research, development, and technical writing.

Her stated goal is to find ways to combine her experience, interests, and skills to explain security concepts in an accessible, no-nonsense manner, and to help others implement security practices pragmatically. She has spoken at a number of conferences about software security, and is an active supporter of the OWASP Toronto Chapter.

Areas of Expertise:
Advisory Services
  • Application Security Baseline and Framework Development
  • Application Risk Profiling
  • Agile Security Advisory
  • Software Development Life Cycle (SDLC) Gap Analysis and Best Practices
  • Secure Development Standards
  • Security Program Management and Execution
  • Periodic Security Assessments & Delta Analysis Program
Verification Services
  • Architecture Review and Threat Modelling
  • Web Application Security Assessment
  • Mobile Application Security Assessment
  • Source Code Review
  • Vulnerability Triaging for Static and Dynamic Analysis Results
  • Network Security Assessment
  • Financial Services
  • Technology

Hon. B.Sc - Computer Science in Software Engineering
University of Toronto, St. George Campus
Toronto, Ontario, Canada

  • Testing the OWASP Top 10 (TASSQ, 2015)read
    • This presentation provides an introduction to the OWASP Top 10 2013 list and provides resources and tools to help testing teams build their own verification and testing checklist. Basic strategies for detecting SQL Injection and Cross-Site Scripting vulnerabilities are covered in more detail.
Press Mentions:
Events & Associations:
  • TASSQ (Toronto Association of Systems & Software Quality)
Back to Our People

Our Advisory services team has more than a decade of experience focused on Application Security. We take a flexible approach to your strategic security problems.

Whether you are a global enterprise looking for advice on security strategy and governance, a major financial seeking support on regulatory compliance and penetration testing activities, or a startup looking for high quality assessments to give customers assurance for your business, we're here for you.

Our credentialed professionals are experts in how to break applications and fix code, who take pride in helping you succeed in your Secure SDLC and Secure DevOps programs. Contact us today to learn how we can help solve your organization’s application security challenges.