When I left for America, I was surprised at how few places accepted electronic payment methods compared to our experience in Australia. By the time we left the USA barely two years later, that was not a problem – almost everywhere took cards. Except … now, we’re back in Australia, and things have gone backward….
ESAPI for PHP news
AccessReferenceMap, RandomAccessReferenceMap and IntegerReferenceMap, and enough of the other classes (FileBasedAuthenticator, StringUtilities, etc.) are present and working: This is very good news as although some of the other classes in Milestone 1 are complicated, these two classes were actually going to be some of the hardest to port as PHP does not have the equivalent of J2EE…
ESAPI for PHP – first tests passed
I’ve been working on the essentials for OWASP ESAPI, and now it passes its first set of unit tests, in this case a 1:1 mapping of the ESAPI exceptions test class. This is the first set of classes that fully passes a set of tests that is exactly equivalent to the J2EE trunk SVN. Yes,…
Web training news
No posts for like a month or two, and two in one day? Time for some shameless crass philanthropy and some good natured commercialism. In some exciting news: I’ve donated my one and a bit ESAPI / ASVS training deck I gave at OWASP AU 2009 to OWASP! It’ll be available as soon as the education project…
ESAPI for PHP
Last night, I spoke to the phpMELB folks for an hour on ESAPI for PHP. The talk went well, and they taped it. When the video appears, I will link to it. More importantly, I worked on ESAPI for a couple of hours after returning last night, and finally have something to show everyone! ESAPI for…
Training coming along nicely
For those of you sitting on the fence about coming to OWASP AU 2009, it’s time to book. 🙂 The training materials I’ve developed using OWASP ASVS cover all the ground in the ASVS in one day, from a developer perspective: About the Application Security Verification Standard; What you need to verify code; About Risk …
Back in Australia
It’s a bit of a shock coming back. Some things are the same, many things are very different. I had been homesick for some time, and I was glad to meet up with my family and my cat(s). Unfortunately, Greebo either did not remember me or worse, didn’t want to talk to me. Meebles was not…
Speaking at OWASP AU
I will be speaking at OWASP AU 2009 this year! I am conducting a one-day training session on how to BUILD secure applications using ESAPI and verifying the same using Application Security Verification Standard (OWASP ASVS). If you are a builder, you will want to attend that class, which is very reasonably priced at…
Andrew: Cultural Learnings of America Benefit Glorious Nation of Australia
Well, it’s time to go home. We’re leaving the USA at the end of the month, and should be back in Australia February 2-4. It’s going to be a bit busy over the next few weeks whilst we pack, sell all our worldly goods, and organize our new life in Australia. I’ve had a blast whilst in the USA,…
How today’s Twitter Attack Might Never Have Been
I feel sorry for Twitter – they have the poster child of low value apps (which usually means no security controls or review), and then all of a sudden, they get done over using such a simple attack that it’s generous to call the attack a “hack”. Of course, because of the targets – Barak…