Saturday, 11 June 2011

OWASP AppSec EU 2011 review

OK, OK, I've failed miserably to keep this blog even vaguely up to date.
But I've just got back from OWASP AppSec EU 2011, so a quick review is a good way to kick it off again.

I'm relatively new to the security 'scene' so it was the first major OWASP event I've been to, and I didn't really know what to expect.

What I found was a great bunch of people - friendly, helpful and supportive. I had a great time.

The location, venue and organization were excellent - obviously Dublin's a great city, and Trinity College was an ideal venue.
And congrats to the organizers - they did a really good job.

As there were 3 talks going on at any one time there were quite a few I wanted to go to but couldn't - I'll definitely watch them on video when they get posted.

Of the ones I did get to my favorites were:

How to become Twitter's admin: An introduction to Modern Web Service Attacks 

That introduced me to a whole new range of web service specific attacks I didn't know about.
I think some people in the audience got a bit hung up on the fact that there were countermeasures to the examples given. But there are countermeasures to things like SQLi and XSS and they still happen all too frequently!

Integrating security testing into a SDLC

A very polished performance from the IBM speaker, but it was engaging and full of real world experience.

Python Basics for Web App Pentesters

I'm an old school Perl hacker, and I've been meaning to delve into some of the newer scripting languages for ages.
And Justin's convinced me to go for Python first.

Putting the Smart into Smartphones

Packed room for this one, and for a very good reason.
Lots of really useful examples, advice and guidance.

And finally...

Obviously I can't really give an objective opinion about my own talk "An Introduction to the OWASP Zed Attack Proxy".
From my point of view there were things that could have gone better: my throat was killing me, and I had problems with the wireless mic (not used one before).
But the talk was well attended and seemed to go down well.
And it was a great place to showcase ZAP 1.3.0 (which I'll post about soon)!
Any feedback gratefully received (especially if it's constructive;).
I'll post a link to the slides and video from here when they're uploaded.
Unless I really can't stand the video ;)



  1. Actually I didn't realize at all problems with your throat. Congrats to your preso again. Technical content and the presentation style was very good!

    Only thing I forgot to ask: What's the current status in terms of collaboration with Andiparos? Last release there was from October and the web site mentions "joined forces".

    Other than that: I am looking forward to the video as you gave a solid walkthrough of ZAP.


  2. Hi Dirk,

    Thanks for the feedback :)

    Andiparos has essentially been replaced by ZAP - the Andiparos project lead (Axel) is now co-leading ZAP with me, and all new development work is focused on ZAP.