Grossman, a former Yahoo security officer, started WhiteHat Security, a software and services firm, in 2001. He's also the co-founder of the Web Application Security Consortium, where he does research for its database of Web hacking incidents.
At the Black Hat conference last July, Grossman warned that the corporate world was only 18 months away from cybercrooks hijacking employees' Web browsers and using them to attack systems inside the firewall. There are 100 million Web sites, he says, and many of them have flaws that let outsiders insert malicious code that can infect browsers with malware. Those infected browsers let the attackers steal important information, such as logon names and passwords, as users navigate through intranet-based HR apps or send print jobs over the network.
Security pros have knocked themselves out building perimeter security, says Grossman, but that will mean little if they don't stop outsiders attacking from the inside.