Tech/Horsepower

OWASP AppSec 2008: Day 3

by Chris on Sep.24, 2008, under Tech

Previously posted and imported from elsewhere (Day 2 and 4 by Jon)

Today brought us the real meat of the week, conference day one. This is my first industry engagement and I found it quite easy to get registered, figure out where things are happening and understand the lay of the land. Quite a bit happening all at once; three different presentation tracks, a bustling vendor area, many coffee-and-tea stops (which I used frequently!), people moving all around, and just a lot of good energy around the building. To keep this on the lighter side, I’ll bullet out what presentations I chose with a quick comment.

  • DHS Software Assurance Initiatives: A thorough discussion on integrating security into the SDLC with government best practices. Keyed me into a lot of materials I’d like to read!
  • HTTP Bot Research: This was a great talk on botnets, past, present and future, by Shadowserver. A lot of time was spent on the Georgia conflict and looking at the first botnet attack from the U.S. and the second from Russia. I really enjoyed it!
  • Get Rich or Die Trying – Making Money on The Web, The Black Hat Way: This was my (and Jon’s) favorite talk. It was a veiled comic presentation that hammers home business logic flaws.
  • Using Layer 8 and OWASP to Secure Web Applications: Two of the City of New York’s security guys led this presentation on how they’ve developed their software development policies and practices.
  • Industry Outlook Panel: Several big names in corporate security discussed their thoughts on a variety of topics. I really wish it was a double session; 50 minutes wasn’t nearly enough time.
  • OWASP Testing Guide – Offensive Assessing Financial Applications: This was presented by a jet-lagged no-BS Brit who laid out a good testing primer.
  • *cough* we skipped the next hour and a half (nothing we really wanted to hear) to run back to the hotel and grab some great Thai food in the East Village.

  • OWASP Live CD: This turned out to be a lot less on the live CD and a lot more about a beta email phishing project loaded into a VM image. It scared the devil out of me, very powerful software. Apparently scared a few other folks too as it may not ever get released because it works so well.

Finished the night up with the (ISC)2 cocktail hour (free booze!) and they announced a new certification, the CSSLP. Then we took a walk to Times Square again which is infinitely cooler at night (duh).

Back in and getting rested for tomorrow. Can’t believe it’s nearly Thursday already!

Goodnight from Grand (street)!
