Recently, RSA was attacked by adversaries who targeted their two-factor authentication fobs. These devices have known MITM issues, but folks still used them because there was so little information out there to say that a better choice is required. RSA liked it that way. RSA chose not to discuss the details of the attack, […]

Upcoming speaking engagements – AusCERT and iTSMF

I am scheduled to talk or give tutorials at a couple of places so far this year. At AusCERT, I am giving a two-day Secure Coding tutorial using OWASP’s Application Security Verification Standard. This course is different to most security training courses you’ll ever take. It teaches architects, lead developers and developers how to design […]

OWASP Podcast 82 – Authorship of OWASP Top 10 2007

Dave Wichers* appears in the latest OWASP Podcast (go get it!). In the podcast, he goes through the huge number of OWASP projects he’s been involved in. There’s no doubt Dave’s massive investment in time, intellectual property, and money has been instrumental to OWASP’s success. Without Jeff and Dave’s leadership and contributions, OWASP would be […]

Need a secure code review? We have slots available

I don’t normally pimp my employer, but I’d rather be doing secure code reviews than pen tests any day of the week. 🙂 We have open slots in our schedule for secure code reviews starting from mid-March 2011. We perform our code reviews against the OWASP Application Security Verification Standard Level 2B – Automated […]