doBoard

do… Web Application Development and Security

Archive for the ‘Events’ Category

OWASP February 2008

Friday, February 8th, 2008

At my first local OWASP meeting, Andre Ludwig presented on “…the intersection between web application security and the attackers mindset.”

Doug Wilson and Mark Bristow were very active participants and just happened to have a laptop with the same presentation and security demo I saw them use at Refresh DC a couple months ago. Very handy!

CapSec January 2008

Thursday, January 31st, 2008

After work today I walked to The Brickskeller and enjoyed a couple beers with a few of the CapSec group including Doug Wilson.

One thing we discussed was that with tech groups formed around common interests, like web development, Linux, or security, it’s very easy for people to stick with what and who they know. But in security, work roles tend to be multidisciplinary. Security often is one of several hats to wear or is built upon another specialty such as networking or development. Because of this, many security professionals have the perspective and the opportunity to cross-pollinate by participating in other groups where security isn’t the primary focus but is still relevant.

I think the more people who act on that thought, the better for the community.

DC PHP Conference 2007 – Security Highlights

Monday, November 12th, 2007

This year’s conference had a fairly heavy dose of security.

Chris Shiflett’s keynote, “Security 2.0”, included nice discussions of XSS (cross-site scripting) and CSRF (cross-site request forgery) with an AJAX scenario.

Ed Finkler presented on the PHPSecInfo project, a tool to scan the PHP environment for security issues, and Inspekt, a PHP library to protect applications from the potentially tainted contents of superglobals.

Eli White presented “Help, My Website Has Been Hacked! Now What?” and covered how to prepare for and respond to hacking incidents, based on his experiences at Digg.

Damien Seguy presented on MySQL Security.

While not primarily security-related, Keith Casey included some discussion about security while presenting “Designing REST Web Services”.

DC PHP Conference 2007

Tuesday, November 6th, 2007

I’m going to the DC PHP Conference 2007 in Washington, DC, November 7-9. The keynote will be “Security 2.0” by Chris Shiflett. Looking forward to seeing the PHP security guru in action, and I’ll probably run into several members of the DC PHP Developers Group.