AppSec Blog: Category - Uncategorized

HTML5: Risky Business or Hidden Security Tool Chest?

I was lucky to be allowed to present about how to use HTML5 to improve security at the recent OWASP APPSEC USA Conference in New York City. OWASP has now made a video of the talk available on YouTube for anybody interested.

http://www.youtube.com/watch?v=fzjpUqMwnoI

AppSec at RSA 2012 Conference

I attended the RSA conference last week in San Francisco for the first time, and enjoyed the city. Excellent restaurants like Slanted Door, Canteen, Barbacco and especially Commonwealth, the Wharf, Chinatown, the almost perfect weather.

I was surprised at the scale of the conference, the impressive number of IT security professionals who came from everywhere, and the even more impressive number of technology vendors represented. The exhibition floor was overwhelming: huge booths with their own bars and free drinks, lovely booth bunnies in racing suits and blue wigs, race cars, a robot, a real sumo wrestler, lots of games and contests, even a "beat the freak" - a chance to put on gloves and beat on a salesman. Most of the technology was targeted to the enterprise of course, SIEM systems and enterprise ID management systems, and highly scalable next generation and next next generation firewalls, and lots of endpoint security solutions. And vulnerability scanning technology of

...

Spot the Vuln - Shape

"I was scared I was going to have some weird shape to my head and I was pleased that I didn't." - Edward Furlong

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications.
...

Spot the Vuln - Third

"Sullivan's Law: When given the choice between two alternatives, always pick the third!" - Patrick H. Sullivan

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications.

insert( $ninja_annc_table_name, array(
    'begindate' => $ninja_annc_begindate,
    'enddate'   => $ninja_annc_enddate,
    'message'   => $ninja_annc_message,
    'active'    => '0',
    'location'  => $ninja_annc_location
) );
} else {
$wpdb->update( $ninja_annc_table_name, array( 'begindate'

...

Developer Survey for BSides London

To prepare a talk at BSides London, Chris Riley is looking for some input from developers and managers about application security. Please take a couple of minutes to help him out.

http://svy.mk/i5aV0N