June 28th, 2008 Anthony Towry
This year's Defcon event is well under way. The speakers list has been finalized and I'm already thinking about what talks I want to make it out to.
Here's my hit list so far, which I'm guessing will get totally screwed by the time slots.
- MetaPost-Exploitation : Valsmith and Colin Ames
- VulnCatcher: Fun with Vtrace and Programmatic Debugging : atlas
- Playing with Web Application Firewalls : Wendel Guglielmetti Henrique
- Grendel-Scan: A new web application scanning tool : David Byrne and Eric Duprey
- Wide World WAF's : Ben Feinstein
- Advanced Software Armoring and Polymorphic Kung Fu : Nick Harbour
Additionally, the EFF and All Your Sploits Are Belong to Us panels might be fun. Oh, and whatever Dan Kaminsky has to talk about will most certainly pack the house.
June 5th, 2008 Anthony Towry
If you didn't get the chance to hit this year's ShmooCon or were too busy enjoying yourself to actually attend talks, the presentation videos are now available. You can get the full scoop (including a naming issue) here: http://www.room362.com/archives/192-ShmooCon-2008-Videos-Hit-the-Shelves.html
May 26th, 2008 Anthony Towry
AusCERT has concluded and the boys over at Risky Business Podcast have posted quite a few one-on-one interviews with some of the speakers. One such interview is with Brian Snow, former Technical Director of IAD for the National Security Agency.
Mr. Snow talks about some of the challenges that software development firms face when considering the gravity of the risks being accepted by not weaving security into the SDLC. Snow goes on to say that developers participating in a given project cannot be objective enough to accurately determine its defects.
I can go with Snow on the result, but not on the cause. Most developers aren't in any position to determine whether or not their code is secure. That said, it's not a result of being too close to the product. It's that software security training never comes up for most developers. Not in college, not on the job, not on their own. It never shows up.
I believe that Developers CAN learn to locate issues in their own code. The act of writing tests and rolling boundary cases through an application isn't a completely foreign concept. Security bugs are a defect like anything else. Nothing magical or mysterious, just another class of software defect that needs to be addressed and given the proper amount of attention to prevent.
Mr. Snow goes on, though, to talk about issues that absolutely are at the heart of the problem, such as the rush to market and the inability of firms to consider targeted malice. Business unit pressure for time and costs often squeezes out the feature of adequate security testing.
There's nothing really earth-shattering about this talk, but I get a little excited when application security is getting air time.
May 3rd, 2008 Anthony Towry
In case you didn't make it to Hack In The Box Dubai this year, the materials are now available online. Some speakers of note that might be of interest are Adrian Pastor and PDP of GNUCITIZEN and Cesar Cerrudo, as well as a keynote delivery by Jeremiah Grossman.
Hopefully we'll see some videos posted soon to supplement the slide and code dumps.
October 22nd, 2007 Anthony Towry
In this episode I run down some of the fun and excitement of Tulsa Techfest '07. So sit back and enjoy as I regale you with tales of Silverlight and Oktoberfest brew. Techfest was another smashing success!

The Decision - Episode 4 [13:14m]