Archive for the ‘conferences’ Category

AppSec DC Update

Friday, October 2nd, 2009

Most of my time these days is going into AppSecDC. So I thought I’d share a bit of a shameless plug here that I just sent out to the conference mailing list:

People are registering, hotel rooms are being booked, classes are being enrolled in, and we’re just over a month out!

First off, if you haven’t registered or approached us about volunteering yet, today is the LAST day for early bird registration.

The link for registration is here

Secondly, if you are interested in volunteering, and haven’t contacted us about it yet, please contact Jon Rose, who is handling the volunteer coordination these days. He will be sending out a volunteer information packet in the next few days that should have answers to some of your questions, and he should be able to hook you up with getting “signed up” for specific positions.

Also, got Web 2.0? If so, we’re out there, and need your help. Follow, join, repost, talk about, and all those other good things. Every bit of extra visibility gives people who don’t know about the conference a chance to join in and participate!

Follow @AppSecDC09 on Twitter!

Join the event on Facebook, LinkedIn, or Upcoming!!

If you can, publish the event to your profile on whatever service you use, and tell your friends!

Look for more announcements soon. Next week, we’ll be highlighting some of the training options, and talking about what’s going on with our panels and some of our other events.

Government 2.0 Panel at FOSE

Thursday, March 12th, 2009

I attended the “Government 2.0 – Evolution or Revolution?” Executive Session at FOSE at the DC Convention Center.

I’m posting this sans links due to time constraints; most of the people/places/things are readily locatable in Google. I’ll try to come back and clean up links this weekend at some point.

The panel was moderated by Chris Dorobek, and consisted of Chris Rasmussen, Intelligence Community Collaboration Guru; Dr. Mark Drapeau, of the National Defense University and Mashable; Steve Ressler, creator of govloop.com, the “Facebook for Feds”; and Teresa Nasif, Director of the Federal Citizen Information Center and one of the forces behind USA.GOV.

Dorobek opened by restating the name of the session, and discussing where the government is at with Web 2.0. Comment was made about a recent discussion in the press of 2.0 hitting a “mid-life” crisis with the government, where the initial ground swell of enthusiasm has peaked and the grim realities of the difficulty of deployment and utilization in the government environment have set in. Dorobek stated that this is a misnomer — 2.0 is still in its infancy, and there is still a very long way to go; it’s not a crisis but still an initial inception phase going on. He then introduced the speakers and gave a quick blurb on everyone’s background and how they related to the situation.

Drupalcon in DC, now with Security!

Monday, March 9th, 2009

I was able to stop by Drupalcon the other day for a few hours. I was there scouting out the DC Convention Center space for the OWASP AppSec 2009 Conference I’m helping organize this fall, and went to see how they were utilizing the space and facilities.

In a bit of fortuitous circumstance, the short time I was there coincided with the one set of security talks being given at the convention, so I dropped in to take a look.

Both talks were given by a panel of Neil Drumm, Greg Knaddison, Matt Cheney and Ezra Gildesgame. Greg has a book coming out in the near future, “Cracking Drupal.” There were two talks, an intro and advanced, dealing with Drupal security. I was pleasantly surprised, after seeing a fairly empty intro talk, to see that the “advanced” talk was jam packed.

It was interesting to see the differences and similarities between a security talk given by developers and a security talk given by security folks. There were a lot of parallels to the Web App Sec 101 talks Mark and I have given, but couched in terms of Drupal.

Timely reminder

Friday, January 30th, 2009

It’s coming out in the news that usajobs.gov data was compromised as part of the recent monster.com hack.

I find this a great time to remind people that OWASP DC is next week, and that web application security can extend in ways and to places you don’t think it will initially.

Stop and see us there before ShmooCon, which is next weekend. And maybe Mark and I will actually create some real posts as follow-up from the con!

CCC irony

Tuesday, December 30th, 2008

Today is the last day of the most recent CCC event in Germany. This security conference’s “big deal” is presenters showing that they’ve found a way to fake a CA (ostensibly through weakness in MD5 signatures).

The theme of this congress is “nothing to hide,” with a logo that shows redaction marks surrounding the text. The abstracts of all the other talks are online, except for this one. It’s been “edited.”

So much for “Nothing to Hide” ;-).

redacted abstract for CCC presentation