Web Admin Blog

Real Web Admins. Real World Experience.

Entries for 2009

Defending Yourself: Integrating Real Time Defenses into Online Applications

This presentation was by Michael Coates, the AppSensor Project Lead.  Michael works as a Senior Application Security Engineer at Aspect Security.  AppSensor is a real time defense system with the goal being to protect an application by detecting who is bad and getting rid of them before they do bad things.  My notes from this […]

Development Issues within AJAX Applications: How to Divert Threats

This presentation was by Lars Ewe, CTO of Cenzic on AJAX applications and trying to explore the different implications of running AJAX in your environment.  My notes are below: Agenda What is AJAX? AJAX and Web App Security AJAX and Test Automation Vulnerability Examples: XSS, CSRF, & JavaScript Hijacking AJAX Best Security Practices Demo Q&A […]

Software Assurance Maturity Model (SAMM)

This presentation on the OWASP Software Assurance Maturity Model (SAMM) was by Pravir Chandra, the project lead.  I was actually really excited in seeing this topic on the schedule as SAMM is something that I’ve been toying with for my organization for a while.  It’s actually a very simple and intuitive approach to how to […]

Enterprise Application Security – GE’s Approach to Solving Root Cause

The first presentation of the day that I went to was by GE’s Darren Challey and was about GE’s application security program and how he took a holistic approach to securing the enterprise.  My notes on this presentation are below: Why is AppSec so hard? AppSec changes rapidly (look at difference between 2004, 2007, and […]

All About OWASP

The second presentation of the morning was various members of the OWASP board speaking about the goals of OWASP for the upcoming year.  My summary is below. Jeff Williams Cross Site Scripting is an epidemic We need to view insecure software as a disgrace Everything OWASP is free and void of commercialism “When information comes […]

Keynote: Collaboratively Advancing Strategies to Mitigate Software Supply Chain Risks

It’s my second year at the OWASP AppSec Conference and this year it is in Washington, DC.  The New York City Conference last year proved to be probably the best conference I’ve ever been to.  Based on the agenda and the facilities, this year is looking very promising.  Today’s keynote is by Joe Jarzombeck, the […]

Dang, People Still Love Them Some IE6

We get a decent bit of Web traffic here on our site.  I was looking at the browser and platform breakdowns and was surprised to see IE6 still in the lead!  I’m not sure if these stats are representative of “the Internet in general” but I am willing to bet they are representative of enterprise-type […]

Oracle + BEA Update

A year ago I wrote about Oracle’s plan on how to combine BEA Weblogic and OAS.  A long time went by before any more information appeared – we met with our Oracle reps last week to figure out what the deal is.  The answer wasn’t much more clear than it was way back last year.  […]

Velocity 2009 – Best Tidbits

Besides all the sessions, which were pretty good, a lot of the good info you get from conferences is by networking with other folks there and talking to vendors.  Here are some of my top-value takeaways. Aptimize is a New Zealand-based company that has developed software to automatically do the most high value front end […]

Velocity 2009 – Monday Night

After a hearty trip to Gordon Biersch, Peco went to the Ignite battery of five minute presentations, which he said was very good.  I went to two Birds of a Feather sessions, which were not.  The first was a general cloud computing discussion which covered well-trod ground.  The second was by a hapless Sun guy […]