[Owasp-melbourne] Fwd: OWASP Melbourne 16 March 2012 meeting

Serg serg at owasp.org
Wed Mar 14 15:19:17 UTC 2012

OWASP Melbourne chapter meeting


16 March 2012 12:30 - 14:00

ANZ, 833 Collins St, Docklands, Melbourne VIC 3008
Room Location: Core C

Please ask about OWASP at reception and they will direct you to the
room (room: Core C).
The easiest way to get there is to hop on tram number 48 or 11 on
Collins St and go right to the end of Collins. Alternatively, walk
down Collins St; it is within walking distance. This will be the last

Andrew van der Stock

Die passwords, die!

It's 2012, and we're still getting passwords so very, very wrong.

Why do users choose ridiculous passwords? Marvel at real world stats!
Why do organisations allow ridiculous passwords? Cringe at the excuses!
Why do business owners prevent better choices? Rage against the status quo!
Why do risk managers resist the completely obvious? A supply of 2x4's
will not be available because you cannot be trusted with the truth
Why do developers code the same bad patterns again and again? Rubber
hoses will not be available for public safety reasons
Why do security professionals allow this to continue? We suck. We have
failed. This failure will keep us paid until we retire.

Or will it?

If this was the real world, this is finger painting where getting
paint on your face, the walls, your clothes, and in your hair is
deemed a job well done.

This talk will go through the human factors relating to password
security, and what can be done about it.

About the speaker
Andrew van der Stock is a member of the OWASP Global Chapter
Committee. He has been working in the InfoSec Community in Australia
and globally since 1998 and has established himself as a highly
respected consultant in Australia and in the USA. Andrew devotes much
of his limited personal time to industry open source projects such as
OWASP, and was the lead and author of some of the most used OWASP
materials out there - OWASP Developer Guide 2.0, OWASP Top 10 2007,
and is currently interested in helping the Application Security
Verification Standard.
Andrew has performed security architecture, code reviews, software
assurance, risk management, written policy, and performed penetration
testing for clients in Australia and the USA for more than twelve
Andrew has returned from the USA in 2009 after consulting for global
Fortune 500 organizations in over 25 states. Andrew has taught more
than a thousand developers in AsiaPac and in the USA. He is an
in-demand speaker, with appearances at Ruxcon, Black Hat, OSCON, SAGE-AU,
AusCERT, linux.conf.au and OWASP AU and OWASP EU; he is seen as an
authoritative source in software security, penetration testing and
Policy & Governance. He is currently without a job, which is annoying,
so if you want to help keep his daughter in Thomas the Tank Engine
rides and cats in the luxurious lifestyle they are used to, please say
hi at the meeting.

Hope to see you all there
   OWASP Melbourne :)
