c(◔ ◡ ◔)ɔ - #securecodemonkey

OWASP Portland Presentation: The other 95% of your App

Yesterday I had the pleasure of presenting to my local OWASP chapter in Portland on the topic of software composition which follows my previous post on the same topic. Here's a video recap. ENJOY! P.S. I'll be speaking on this topic next month at #OSCON in Austin, May 8-11. …

What's Hiding In The Other 97 Percent Of Your App?

I've been a developer for most of my life until more recent years, but I'll be honest; I haven't developed an actual full-fledged app in years. I do my best to keep up with how technology changes in order to be able to protect it, but WOW things change so …

Login Form Paranoia 101

If you've used the interwebs for longer than a New York minute you've seen at least a dozen login pages in your time. Some are simple, some downright annoying and others are... I have no words. And yet, the login page is the front door lock for your customers. It's …

Why I'm Not Getting a CISSP

In the last post we reviewed some thoughts on how Information Security can be more "Agile" by participating earlier in the SDLC. When Security and DevOps collaborate and think more in terms of small iterations, more often, then we end up on a similar Agile-like track as that of our …

Securing the SDLC

I had the opportunity to speak last week at my local ISSA chapter on the topic of Securing the Software Development Lifecycle. Given the interest it generated among the attendees I realized that this is a topic for MUCH further discussion worthy of at least a few blog posts on …
