Rory and I just returned from OWASP AppSec EU where (for once) I was presenting but Rory wasn’t (as he was on the selection panel – though barred from reviewing my presentation!).
The quality of the talks was very high – though in my opinion there was rather too much of an emphasis on mobile this year. I know it is the exciting new area at the moment – but call me old fashioned but I would personally have liked to see more stuff on traditional web security. Perhaps (as per a talk Rory did a year or so back) it is just that there is no point of saying any more about it because no one is fixing the existing problems. I particularly enjoyed Maty Simon on HTML 5, James Kettle on Active Scan++ module for Burp and Jerry Hoff’s talk on mobile security.
We also heard Dr Richard Stallman talking about his views on ‘free’ software. I actually share more of his opinions than I would have thought – particularly around data privacy, although of course I do fundamentally disagree with him about proprietary software. I made a donation to his foundation and for a while I guess I may have been the only person in the world wearing a Microsoft T-Shirt with a GNU/Linux badge pinned on it. Anyway – I greatly respect him and his right to hold his views and I think he has stuck to his guns in a way that must cause him great personal inconvenience in the modern world.
Rory and I also attended the ‘Mobile Boot Camp Training’ as we were keen to expand Rory’s iOS and my Windows Phone knowledge into Android. It was a good course and we learnt a lot, but I have to say that the more I see of Android as a platform, the less I would be inclined to use it myself or to recommend it to others – particularly in an Enterprise environment. Be that as it may – we are now in the pretty rare position for a small consultancy of covering all the major mobile platforms.
My talk was an updated version of the Windows Store App presentation I did for Securitay back in January. There is quite a lot of new material and I seem to have managed to remove some of the annoying mannerisms from my delivery – https://www.youtube.com/watch?feature=player_detailpage&v=szKZG12XgIE#t=12509 The main new feature is ‘Store Sheep’ which I have just launched as an OWASP project. This is going to be a training app along the lines of ‘Web Goat’ which introduces testers and developers to Windows Store Apps and shows how to find and fix security issues in them. It is very much in Alpha at the moment (code word for ‘I haven’t anything like finished writing it yet’) – but I will be posting about it here as I make progress on it.
The picture is of Rory looking pensively at some Ruby Code while we were enjoying an excellent breakfast at ‘La Patisserie Vallerie’.
Just one other quick plug for an attraction any geek would love. We went to the Museum of Computing in Cambridge http://www.computinghistory.org.uk/index.htm They have hundreds of old computers in working order – check out Attic Attack on the Spectrum and ‘Flappy Bird’ for the ZX80. Also Altair 8800, Apple II etc. One of the best fun mornings I have had in a long time.