OK, OK, I've failed miserably to keep this blog even vaguely upto date.
But I've just got back from OWASP AppSec EU 2011, so a quick review is a good way to kick it off again.
I'm relatively new to the security 'scene' so it was the first major OWASP event I've been to, and I didnt really know what to expect.
What I found was a great bunch of people - friendly, helpful and supportive. I had a great time.
The location, venue and organization was excellent - obviously Dublin's a great city, and Trinity college was an ideal venue.
And congrats to the organizers - they did a really good job.
As there were 3 talks going on at any one time there were quite a few I wanted to go to but couldn't - I'll definitely watch them on video when they get posted.
Of the ones I did get to my favorites were:
How to become Twitter's admin: An introduction to Modern Web Service Attacks
That introduced me to a whole new range of web service specific attacks I didnt know about.
I think some people in the audience got a bit hung up on the fact that there were countermeasures to the examples given. But there are countermeasures to things like SQLi and XSS and they still happen all too frequently!
Integrating security testing into a SDLC
A very polished performance from the IBM speaker, but it was engaging and full of real world experience.
Python Basics for Web App Pentesters
I'm an old school perl hacker, and I've been meaning to delve into some of the newer scripting languages for ages.
And Justin's convinced me to go for Python first.
Putting the Smart into Smartphones
Packed room for this one, and for a very good reason.
Lots of really useful examples, advice and guidance.
Obviously I cant really give an objective opinion about my own talk "An Introduction to the OWASP Zed Attack Proxy".
From my point of view there were things that could have gone better: my throat was killing me, and I had problems with the wireless mic (not used one before).
But the talk was well attended and seemed to go down well.
And it was a great place to showcase ZAP 1.3.0 (which I'll post about soon)!
Any feedback gratefully received (especially if its constructive;).
I'll post a link to the slides and video from here when they're uploaded.
Unless I really cant stand the video ;)