Well, that was Day 3 of Defcon out of the road. I didn’t get to see too many actual talks due to the hallway track being far more interesting than the actual three track program. Again, few webappsec talks, and some were repeats of the BH talks I’d already seen. I caught up with a…
Category: Security
BlackHat Day 2
Day 2 had a complete web app sec track. This is a huge change from last year, where there was like … my talk and that was about it. And you know what? It was full! Every session I’ve attended so far today has been near full. Plus, it’s top material. Let’s get on with…
Blackhat Day 1
“TBA” – David Litchfield: David did a talk on the problems with Informix. Awesome talk, and shows that all database servers are vulnerable. He totally 0wned his server in a set of well rehearsed demos. I don’t use Informix so it wasn’t that useful to me, but a take home message is total props to…
OSCON
Work: I owe my boss a huge beer (and a document) and an apology when I get back to Australia. Personal life: in the dog house. I got very little sleep these last few days, and I bet my other half is feeling far worse than me. Hopefully, she can come to Vegas so we…
Press: Q&A on Ajax / SOA Security
Colleen Frye from SearchAppSecurity.com interviewed me via e-mail a couple of weeks ago on the OWASP Ajax security research and materials I’ve been pumping out. Although she asked for brief answers, to paraphrase Mark Twain, I didn’t have the time to write shorter answers. The results are now available for your reading pleasure. Part 1…
A quickie
Here’s a single slide from the PHP security architecture slide deck. When I’ve sorted myself out in terms of demos for OSCON, I will release the entire thing when it’s in better shape (and smaller for the web – this Keynote theme seems particularly heavy). Slide 9 (1.2 MB, pdf)
PHP Security Architecture
[ EDIT: a comment I wrote in this entry referred to Laura Thomson as one of the reviewers of the OWASP Top 5 article. Although I have discussed other PHP related things with Laura, this article is not one of them. I’ve carefully reviewed my Sent folder during this time, and I’ve updated the reviewers…
OSCON 2006 – See you there!
Just a quick note as to the quietness of the blog. I’m working on a few things: my slides for OSCON (webappsec 150 tutorial, and updating my Ajax presentation to include the latest research and make it a bit more (ahem) controversial to liven things up); doing demos for the above; my slides for OWASP…
Updated Ajax Security presentation
I’ve updated the Ajax presentation to the slide deck I gave at OWASP EU. New pictures. More content. More size! (4.3 MB) Get it here: Ajax Security (4.3 MB PDF)
OWASP EU – Day 2
Excellent day again. I’m still waking up far too early, but that’s okay, particularly since I had still to complete my Day 2 keynote slides, much to Dave’s disgust. – Leuven University The keynote went well, but I finished what I thought was early, when in fact, it was dead on time. This left Ivan…