Friday, October 20, 2006

I just got back from the OWASP AppSec conference in Seattle.

So I've spent the majority of this week in Seattle at the OWASP conference. The conference was great. Lots of great talks (the .NET stuff in particular) and lots of great discussion. The best part of the whole thing was the big picture thinking and debating about a solution to the app sec problem. The creation of tools that would prevent developers from writing security bugs (or make it much more difficult for them) is certainly an interesting idea, one that I think is feasible for a lot of technical-type bugs. For example, preventing SQL injection would be as simple as forcing developers to use a framework that only allowed database querying through parameterized queries. Logic bugs, however, and user problems are a different story. I think most of the work in this area will revolve around the software frameworks and operating systems limiting the amount of damage these other types of bugs can do. I'm definitely joining OWASP...

I didn't much care for Seattle though. It was my first, and probably last, time there. The weather sucked, lots of homeless people downtown, the bars closed early on weekdays and the weather really sucked. Well, one day the weather was OK. Anyhow, I did get to visit the original Pike Place Starbucks, which made my wife jealous (she manages an SBUX in Wisconsin). I did bring her back some merch with the original logo (the tit exposed logo).

