[Owasp-melbourne] OWASP Melbourne 16 March 2012 meeting

Sandeep Singh Nain nainsandeep at gmail.com
Thu Mar 15 01:07:20 UTC 2012

Hi Everyone

It has been brought to our attention that not everyone on the mailing list
received the invite for tomorrow's chapter meeting. The details for the
meeting are as below.

16 March 2012 12:30 - 14:00

ANZ, 833 Collins St, Docklands, Melbourne VIC 3008
Room Location: Core C
*Please ask about OWASP at reception and they will direct you to the room
(room: Core C).*
*The easiest way to get there is to hop on the tram number 48 or 11, on
Collins St and go right to the end of Collins. Alternatively, walk down
Collins St; it is within walking distance. This will be the last stop.*

Andrew van der Stock

Die passwords, die!

It's 2012, and we're still getting passwords so very, very wrong.
Why do users choose ridiculous passwords? Marvel at real world stats!
Why do organisations allow ridiculous passwords? Cringe at the excuses!
Why do business owners prevent better choices? Rage against the status quo!
Why do risk managers resist the completely obvious? A supply of 2x4's will not be available because you cannot be trusted with the truth.
Why do developers code the same bad patterns again and again? Rubber hoses will not be available for public safety reasons.
Why do security professionals allow this to continue? We suck. We have failed. This failure will keep us paid until we retire.
Or will it?
If this was the real world, this is finger painting where getting paint on
your face, the walls, your clothes, and in your hair is deemed a job well
This talk will go through the human factors relating to password security,
and what can be done about it.

*About the speaker*
Andrew van der Stock is a member of the OWASP Global Chapter Committee. He
has been working in the InfoSec Community in Australia and globally since
1998 and has established himself as a highly respected consultant in
Australia and in the USA. Andrew devotes much of his limited personal time
to industry open source projects such as OWASP, and was the lead and author
of some of the most used OWASP materials out there - OWASP Developer Guide
2.0, OWASP Top 10 2007, and is currently interested in helping the
Application Security Verification Standard.  Andrew has performed security
architecture, code reviews, software assurance, risk management, written
policy, and performed penetration testing for clients in Australia and the
USA for more than twelve years.  Andrew has returned from the USA in 2009
after consulting for global Fortune 500 organizations in over 25 states.
Andrew has taught more than a thousand developers in AsiaPac and in the
USA. He is an in-demand speaker, with appearances at Ruxcon, Black Hat,
OSCON, SAGE-AU, AusCERT, linux.conf.au and OWASP AU and OWASP EU; he is
seen as an authoritative source in software security, penetration testing
and Policy & Governance.

Hope to see you all there.

OWASP Melbourne :).