The Developer Guide is a huge project; it will be over 400 pages once completed, hopefully written by tens of authors from all over the world, and will hopefully become the last “big bang” update for the Guide. The reality is our field is just too big to do big bang projects. We need to…
Author: vanderaj
Speaking at Linux.conf.au 2013
I’m glad to say that I’ve been accepted to speak at linux.conf.au 2013. My talk is how to apply the OWASP Developer Guide 2013 to your open source project. The Open Web Application Security Project (OWASP) Developer Guide 2013 is coming soon. In this presentation, you’ll learn about the major revision to one of the…
Shame, Slashdot, Shame – misogyny and moderation
Our industry suffers from a lack of women – women in senior positions are very rare, women who do what I do I can count on my hands without resorting to binary, and there are so few women coming out of Uni comp sci, developers and engineering courses that I can use and craft into…
PCI DSS QSA vs ISA smack down
In his post “PCI’s Money Making Cash Cow”, Andrew Weidenhamer must have had a bad week of being challenged (or in his words, “bullied”) by a PCI DSS Internal Security Auditor (ISA). This is not acceptable, but QSAs must accept that their advice is there to help the organization become compliant, not to provide a…
Fedora 17 install on VMWare Fusion 4 / Workstation 8
I am moving over to using Fedora from Ubuntu as I am helping out with the OLPC XS (School Server) on XO laptop effort, which is Fedora based. Fedora 17, codename The Beefy Miracle (seriously), has just been released, so it’s time to update my Linux development workstations. Installing Fedora 17 in VMWare Fusion /…
On penetration testing – harmful?
Over at Sensepost Security, there’s a new blog entry wondering about Haroon Meer’s talk “Penetration Testing Considered Harmful”. Those who know me know that I’ve had this view for a very long time. I’m sure you could find a few posts in this blog. Security has to be an intrinsic element of every system, or…
OWASP Development Guide – what do you want in, and what do you want out?
It’s time to do some curating of the OWASP Developer Guide. This is where my tastes meet the community’s – what do you want in the Guide, and what do you want out of the Guide? As much as I want to be comprehensive, there is a real risk that an 800-page book would…
OWASP Guide 2013 Development
It’s been nearly seven years since I finished the herculean effort of holding down a day job and leading, editing or excising the existing material, cat herding all the collaborators, and writing a goodly portion of the OWASP Developer Guide 2.0. I finished PDFing 2.0 around 4.30 am and pushing it to the OWASP website…
Safety culture – let’s add it
Last year, I was at a site which took safety very, very seriously. On the wall in a break room was a poster with several steps that I think we in the security industry could learn from: Eliminate the risk. In this case, if you see a risk and it has a known solution, that…
Political expediency
Last week, Julia Gillard listened to Clubs Australia and the few voters out at Rooty Hill RSL rather than do the right thing and fix problem gambling. In her announcement, she used the code word “gaming”, which is industry speak that doesn’t like to be called “gambling”. By using this special phrase, it’s obvious that for-profit…