[Owasp-alabama] 2010 Meetings
owasp-alabama at lists.owasp.org
Tue Jan 5 19:22:23 EST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jan 5, 2010, at 12:33 PM, owasp-alabama at lists.owasp.org wrote:
> @josh
>
> I think that's a great idea.
>
> @Daniel
>
> I totally agree. I hand-picked this guy that is flying in because of
> that very reason. I know him personally, and he isn't selling a
> company, nor himself. He's a great guy.
Who is it?
> Daniel, how about giving us some ideas on what you'd like to see?
> What would provide the MOST benefit for you and the folks you know?
Please note that my perspective on hacking is not defined only by the
lens of web application security.
Application security == application security in my mind.
Being a bugtracker/pentester/hacker, I would appreciate some of the
following things.
Topically, I would enjoy topics on the following:
- ----------------------------------------------------------------
* Visualization, and ways to aid fuzzing efforts through graphical
representation (read as code coverage in binary-analysis type
situations).
* Input validation and input tracing methods - it would be nice to
know if there are some tools out there that other people have that I
don't.
* Manual and product-based approaches to aid fuzzing and source code review.
* Source code analysis tools perspectives, specifically quality versus
quantity in automated solutions. Even though I am well aware that
automated source code analysis will only find 60% of the bugs, it would
be nice to hear other people's input on this and possibly developers
of some of the bigger source code analysis tools (this would be killer).
* Philosophy & storytelling. In this arena it would be nice to see
what some of the older generation of bug finders overcame, what
mindset was critical for success, and how success was obtained in
situations where (insert genx toolset) did not exist.
* Analysis and perspective of design vulnerabilities that assessors in the
area and/or profession have seen in the last x years. I am always
interested in seeing what others see, and the more patterns one can
know about, the more they can succeed in an application review.
* I think it would be good for everyone to talk more on limiting risk
through parameterized SQL queries.
* Threat modeling and commentary on good SDLC - possibly getting some
of the guys from Microsoft might be nice for this, since they have one
of the best QA/SDLCs out there.
* Positive things about PHP would probably help someone who is cynical
toward all things PHP...
* Commentary on security from a developer just introduced to security
versus someone who has been a developer for x amount of years...
commentary is always valuable for context.
- ---------------------------------------------------------------------------------------------------------------------------------------------------
To be honest, I would like to see some of the old school heavy
hitter bug finders.
Speaker wise, here are some people I follow and always love to hear
what they say......
E.g.: ( * indicating speakers who could be a possibility if given budget
from OWASP; - indicating probably no chance in hell )
* Mark Dowd
* John McDonald
* Justin Schuh
* Charlie Miller
- Halvar Flake
- Fx
* Dino
* Andres Andreu (haven't heard from him in a while, is he still
around...?)
- Anyone who wrote some of the older phrack articles.
- Older members from the original @stake/L0pht crew.
People I care not to hear a thing from include:
* Jeremiah Grossman
* Ed Skoudis
| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850 | | o. 866.267.8851
"Moments of sorrow are moments of sobriety"
-----BEGIN PGP SIGNATURE-----
iD8DBQFLQ9e/lZy1vkUrR4MRAmamAJ4u7n1/9V0ggsOjYtSS86tNYo9v+wCeOllk
yZTgKlsxdCtZUAHfG000PkA=
=u7Mr
-----END PGP SIGNATURE-----