Software Defects – The Broken Windows of Cyberspace

We are gearing up for a major push of strategic security work and as part of the backgrounding for one of the areas I will be working on, I spent an hour of my day listening to a 2009 presentation by David Rice, author of “Geekonomics – The Real Cost of Insecure Software”, which I have embedded below. It’s on the long side at around 1 hour, but certainly worth reviewing. If you can spare an eyeball, take the time to watch the presentation as David’s style is engaging and about as far from “Death by PowerPoint” as you can get.

Geekonomics: The Real Cost of Insecure Software from David Rice on Vimeo.

In typical spooky timing, a reminder about the OWASP NZ Day on July the 7th arrived in my inbox right in the middle of me watching the presentation video.

For those with an interest in security who have yet to attend an OWASP event, it’s certainly something I’d recommend (register here), not only for the opportunity to chat to others in the industry, but for the great line-up of speakers. This year, the event will again be held in Auckland and boasts the following topics:

  • Secure Development: What The OWASP Guide Didn’t Tell You – Blair Strang, Security-Assessment.com
  • I <3 Reporting – Managing Effective Web Application Assessments – Andrew Evans, Kiwibank
  • Testing Mobile Applications – Nick von Dadelszen, Lateral Security
  • Web Crypto for the Developer Who Has Better Things to Do – Adrian Hayes, Security-Assessment.com
  • Concurrency Vulnerabilities – Brett Moore, Insomnia Security
  • A Day in the Life of a WAF – Sam Pickles, F5
  • HTML5 Security – Mike Haworth & Kirk Jackson, Aura Information
  • Security File Uploads are Evil – Kirk Jackson, Aura Information
  • Security Sleeping Easy: Architecting Web Applications Securely – Mark Young, Datacom
  • Real Applications, Real Vulnerabilities, Really Exploited – Quintin Russ, SiteHost

For the developers, there are two 3-hour training courses also being held in parallel to the conference, but with seating limited to 20 participants per session, I’d suggest registering quickly to reserve your spot. More information can be found here.

Notes from Barcamp Auckland 2010

Barcamp Auckland is an annual gathering of developers, designers, start-ups and social-media types. It’s a full-day event held in an ‘unconference’-like style, where the attendees (see my attendee & interested folks list on Twitter) set the schedule – and people turn up to discuss topics which interest them.

The following are the session notes I took during this year’s Auckland Barcamp.
