AppSec USA 2012, the big OWASP security convention, is here in Austin this year! And the agile admin’s own @wickett is coordinating it. “Why do I care if I’m not a security wonk,” you ask? Well, guess what, the security…
As I’ve been involved with DevOps and its approach of blending development and operations staff together to create better products, I’ve started to see similar trends develop in the security space. I think there are some informative parallels where both can…
Recently I have been reading on OPSEC (operations security). OPSEC, among many things, is a process for securing critical information and reducing risk. The 5 steps in the OPSEC process read as follows: Identify Critical Information, Analyze the Threat, Analyze…
Why The Cloud Is More Secure Than Your Existing Systems
Saving the best of LASCON 2010 for last, my final session was the one I gave! It was on cloud security, and is called “Why The Cloud Is More Secure…
HTTPS Can Byte Me
This paper on the security problems of HTTPS was already presented at Black Hat 2010 by Robert Hansen, aka “RSnake”, of SecTheory and Josh Sokol of our own National Instruments. This was a very technical talk…
Tell Me Your IP And I’ll Tell You Who You Are
Noa Bar-Yosef from Imperva talked about using IP addresses to identify attackers – it’s not as old and busted as you may think. She argues that it is still…
Mitigating Business Risks With Application Security
This talk was by Joe Jarzombek, Department of Homeland Security. Normally I wouldn’t go to a management-track session called something like this; when I looked at the program this was my third choice out…
Why ha.ckers.org Doesn’t Get Hacked
The first LASCON session I went to was Why ha.ckers.org Doesn’t Get Hacked by James Flom (who with rsnake is ha.ckers.org). By its nature, it gets like 500-1000 hack attempts a week, but they’ve kept…
Why does bad software happen to good people?
First up at LASCON was the keynote by Matt Tesauro from Praetorian (and OWASP Foundation board member), speaking on “Why does bad software happen to good people?” The problem in short is:…
LASCON 2010 was awesome. It’s an Austin app security conference put on by the Austin OWASP chapter. Josh Sokol and James Wickett did a great job of putting the thing together; for a first time convention it was really well…