Sunday, July 6, 2008

Web Application Security Roadmap presentation at OWASP NYC AppSec 2008

I will be presenting my Web Application Security Roadmap at the upcoming OWASP NYC AppSec 2008 conference later this year.

A draft of the current presentation is available here.


Friday, July 4, 2008

Judge Orders YouTube to Give All User Histories to Viacom

I posted this to the WASC listserv.

From the post:

A link to the court ruling is included in the article referenced above and I encourage you to take a moment to read it if you have the time.

The way I see it, at the end of the day, web application security professionals ultimately work to build confidence and a sense of both trust and integrity for the end user experience. Without confidence, trust and integrity, the Internet as we know it falls away and we are likely left without an outlet for our passion.

Many pieces of this court ruling troubled me and I wanted to share it with the list in case others on the list had missed it.

If end users ever get to the point that they fear visiting public and otherwise respected sites, then that seems to do us all a disservice. Does this not encourage the further development of a DarkNet that shields end users from unforeseen liability and, if so, does this not also complicate efforts to secure and protect web applications by security professionals?

Sure, maybe I am overreacting, but in a world based upon precedents, this one troubles me more than others.

Your thoughts?