I’m glad to say that I’ve been accepted to speak at linux.conf.au 2013. My talk is how to apply the OWASP Developer Guide 2013 to your open source project. The Open Web Application Security Project (OWASP) Developer Guide 2013 is coming soon. In this presentation, you’ll learn about the major revision to one of the… Read More


I am scheduled to talk or give tutorials at a couple of places so far this year. AusCERT: I am giving a two day Secure Coding tutorial using OWASP’s Application Security Verification Standard. This course is different to most security training courses you’ll ever take. It teaches architects, lead developers and developers how to design… Read More


Well, OSCON is over for another year. It’s been a great conference. Shame there were essentially no security talks (1/216 talks is not good enough). I will have to talk to them next year about including a Security track or let OWASP organize a Security Camp, like Scala and the cloud folks had this year.… Read More


Woke up at 5.55 am. Mr Body is seriously confused. I finished breakfast by 7 am. This is not right. Scalable Internet Architecture – Theo Schlossnagle: I’m very sorry Theo, but I couldn’t take much more hand waving and so I left at half time. I think this is more about where I am in… Read More


Travelling to the USA was as exhausting as ever. I flew on the new A380 with Qantas. Nice plane. As per usual, there’s a mix of flight attendants – the openly hostile, the “can’t see you, didn’t see you”, and my favorite, the “never around”. We were down the back of the aircraft, which is… Read More


I know I’ve ranted about this before, and this post is no different. OSCON still doesn’t have any security talks, which is like an engineering conference that doesn’t have any structural integrity talks. A sample of non-functional requirements in the OSCON 2010 program: Configuration Management – check*; Deployment – check; Documentation – check; Efficiency – check*… Read More


OWASP EU 2009 is coming up! This year, it’s held in Kraków, Poland. Time to book! Program highlights: Keynote: Ross Anderson from Cambridge University. I’ve wanted to meet Ross for many years. Those guys are legends! Keynote: Bruce Schneier. I bet there are groupies. w3af – Andrés Riancho. This is one of the best free toolkits I’ve tried… Read More


For those of you sitting on the fence about coming to OWASP AU 2009, it’s time to book. The training materials I’ve developed using OWASP ASVS cover all the ground in the ASVS in one day, from a developer perspective: About the Application Security Verification Standard; What you need to verify code; About Risk; The… Read More


Although I am unable to attend, I hope you can attend the OWASP EU Summit, to be held next week in Portugal. There’s going to be lots of discussion about OWASP’s various projects, and work out futures for all of them. It’s going to be a defining event in OWASP’s existence, and I wish I… Read More


Well, I’m back from another year at Black Hat. This time, I taught one of my company’s 2D Web Application Security courses. I think I may have been one of the very few courses that concentrated on defense, which is Black Hat’s tongue in cheek slogan (“Digital Self Defense”). I taught the folks in there… Read More