Archive for September, 2008
OWASP AppSec 2008: Day 3
by Chris on Sep.24, 2008, under Tech
Previously posted and imported from elsewhere (Day 2 and 4 by Jon)
Today brought us the real meat of the week, conference day one. This is my first industry engagement and I found it quite easy to get registered, figure out where things are happening and understand the lay of the land. Quite a bit happening all at once; three different presentation tracks, a bustling vendor area, many coffee-and-tea stops (which I used frequently!), people moving all around, and just a lot of good energy around the building. To keep this on the lighter side, I’ll bullet out what presentations I chose with a quick comment.
- DHS Software Assurance Initiatives: A thorough discussion on integrating security into the SDLC with government best practices. Keyed me into a lot of materials I’d like to read!
- HTTP Bot Research: This was a great talk on botnets, past, present and future, by Shadowserver. A lot of time was spent on the Georgia conflict and looking at the first botnet attack from the U.S. and the second from Russia. I really enjoyed it!
- Get Rich or Die Trying – Making Money on The Web, The Black Hat Way: This was my (and Jon’s) favorite talk. It was a veiled comic presentation that hammers home business logic flaws.
- Using Layer 8 and OWASP to Secure Web Applications: Two of the City of New York’s security guys led this presentation on how they’ve developed their software development policies and practices.
- Industry Outlook Panel: Several big names in corporate security discussed their thoughts on a variety of topics. I really wish it had been a double session; 50 minutes wasn’t nearly enough time.
- OWASP Testing Guide – Offensive Assessing Financial Applications: This was presented by a jet-lagged, no-BS Brit who laid out a good testing primer.
- OWASP Live CD: This turned out to be a lot less about the live CD and a lot more about a beta email phishing project loaded into a VM image. It scared the devil out of me; very powerful software. Apparently it scared a few other folks too, as it may not ever get released because it works so well.
*cough* we skipped the next hour and a half (nothing we really wanted to hear) to run back to the hotel and grab some great Thai food in the East Village.
Finished the night up with the (ISC)2 cocktail hour (free booze!), where they announced a new certification, the CSSLP. Then we took a walk to Times Square again, which is infinitely cooler at night (duh).
Back in and getting rested for tomorrow. Can’t believe it’s nearly Thursday already!
Goodnight from Grand (street)!
OWASP AppSec 2008: Day 1
by Chris on Sep.22, 2008, under Tech
Previously posted and imported from elsewhere
Friend and codemonkey Jon and I had a great day at OWASP AppSec. For a couple of NYC newbs, we’re getting around really well! Starting at 7:30a, we hopped on the subway for the trip to the Park Central Hotel. OWASP is taking very good care of its attendees and we got in and settled easily.
The management training was very informative and challenged how I think about security. Coming from a small SaaS firm, I was in the minority, as the training was geared heavily to large organizations. This was excellent because I learned from hardened policies established by industry-leading companies. I took a lot away from the group discussions because many large firms had representatives, but I also felt I was able to provide some insightful “grassroots” knowledge and approaches that working with a small organization affords. The training also provided a nice primer on attack styles, best practices to secure against them, statistics on vulnerabilities and business effects, and how to “sell” security. Looking very much forward to putting together the lessons I learned to enhance how we approach current and future security opportunities.
Jon seems to really dig his defensive coding training; we’ve been chatting and trading ideas back and forth all night. It will be interesting to see what the second day of his course brings.
Personally, we’ve been having a great time experiencing NYC in our off-time. Had lunch at the Carnegie Deli then took a stroll to Times Square. Got our real NYC pizza fix at Arturo’s for dinner tonight, then strolled around for a couple hours just seeing what there is to see. NYC easily makes you feel very, very small!
Cheers from Chinatown
