Archive for February, 2009

Training coming along nicely

For those of you sitting on the fence about coming to OWASP AU 2009, it’s time to book. :-)

The training materials I’ve developed using OWASP ASVS cover all the ground in the ASVS in one day, from a developer perspective:

  • About the Application Security Verification Standard
  • What you need to verify code
  • About Risk 
  • The ASVS Levels
  • Verifying Architecture
  • Verifying Authentication
  • Verifying Session Management
  • Verifying Access Control
  • Verifying Input validation
  • Verifying Output encoding / canonicalization
  • Verifying Cryptography
  • Verifying Error Handling / Logging
  • Verifying Data Protection
  • Verifying Communications Security
  • Verifying HTTP Security
  • Verifying Configuration
  • Verifying Malicious Code
  • Verifying Internal security controls
  • How to write a decent report and how to communicate (good and) bad news 

It’s going to be a long day, so bring your game to the sunny Gold Coast, Australia. OWASP AU is a true bargain compared to commercial offerings.

If you have some training budget, book a ticket and come see me and have a blast!

Book my course now

All about OWASP AU 2009

Back in Australia

It’s a bit of a shock coming back. Some things are the same, many things are very different. 

I had been homesick for some time, and I was glad to meet up with my family and my cat(s). Unfortunately, Greebo either did not remember me or worse, didn’t want to talk to me. Meebles was not to be found. I hope I can look after them again soon. Mackenzie is a universal hit here with everyone, which is awesome. She’s also taking well to so many new faces. 

The weather changed from being icy and snowy -5 C (20 F) to a scorching 47.9 C (118.2 F), with the worst fires on record raging about 200 km from where we now live. We’re okay – even if so many are not. My thoughts are with those affected by the fires. 

The sunsets are glorious – I’ve missed them. You can only work this out once you actually viscerally experience something old you fondly remember. The light is different here, and not just because the air is tinged with burnt ash and smoke. 

The shopping hours shortened, the online shopping options that were in Australia seemed to have disappeared. I remember far longer hours in the past, and many more options … but they’re gone. Oh well. 

I managed to drive on the correct side of the road with no real issues – still haven’t turned into the wrong lane, although shopping center car parks are still interesting. 

TV is still crap, and yet awesome. I had missed good news coverage, and weather forecasting that is within 1 degree C of the actual temperature a few days out, and now I have it back. I miss the ease of watching what I want on my Tivos, but then again, I now have a lot more time to do stuff with my family. I always found US TV a bit odd – almost everything was bleeped, but there was no diminution in the number of bleeps. Tonight, I watched a depression special with one of the world’s best comedians, Stephen Fry, and he dropped the c word, and various other words that would be bleeped in the US. I will not miss the bleeping.

We’re well on our way to restarting our life here. Life is good.

Speaking at OWASP AU

I will be speaking at OWASP AU 2009 this year!

I am conducting a one-day training session on how to BUILD secure applications using ESAPI and verifying the same using the Application Security Verification Standard (OWASP ASVS). If you are a builder, you will want to attend that class, which is very reasonably priced at USD $650. Typical instructor-led training is $2500 per day – at least. The main conference is only USD $425, which is a bargain compared to Black Hat or RSA.

During the two-day main agenda, I will be speaking about why you should be protecting your VALUE, and not worrying so much about THREATS. It’s time we stopped worrying so much about XSS and so on, and moved on to something that actually pays some returns.

Get your registration fingers happy here:

See you there!
