Online Payments Blog

Industry News and discussions relating to Online Payments and Application Security.
Sep 11
2009

OWASP Ireland AppSec Conference a success

Posted by Dave in securityninja, security, realex payments, OWASP, Application Security

Yesterday I presented at the first Irish OWASP Application Security Conference. There were over 100 attendees and some great speakers, which made for a very successful event. Well done to Eoin and the rest of the team involved in organising it.

David Rook, aka securityNinja, did a great presentation on his Secure Development Principles. David also launched a new SecurityNinja website and Blog which is now brought to you by Realex Payments. Here are some pictures of the event.

 

 

David Lowry and Conor McGoveran at OWASP 2009

Conor and I presenting "Who can afford to build secure web applications?"

 


David Rook presenting "The Principles of Secure Development"

 

If you are involved in web application development then I would recommend taking a look at the securityninja Secure Development Principles whitepaper.


Dave


Jun 30
2009

OWASP Ireland Chapter Meeting Summer 2009

Posted by Dave in security, OWASP, Application Security

Some of the regular readers of this site will know that I am involved in the Irish Chapter of OWASP. This is a short blog post to promote the next OWASP Ireland Chapter meeting. I think it is worth pointing out that you do not need to be an OWASP member to attend. OWASP Chapter meetings are FREE and OPEN to everyone. If you are interested in learning more about application security then you should head along.

The next meeting is scheduled for July 23rd at 6:30pm in Ernst & Young on Harcourt Street. There are two speakers lined up for it:

Evading SQL injection detection through encoding.
Niall Jordan (Realex Payments)

The purpose of this presentation is to give a basic understanding of how character set encoding can be used to evade common SQL injection detection techniques. It will start with a brief introduction to character set encoding to give the viewer the necessary overview to adequately understand the attack vectors. It will then move on to quickly describe normal SQL injection techniques and their detection and then go into detail on using character set encoding to bypass conventional detection methods. Practical examples will be shown along with methods to prevent these attacks.

Software Assurance Maturity Model 1.0
Colin Watson (Watson Hall)

The Software Assurance Maturity Model (SAMM) is now an OWASP project and in March became release quality. What is software assurance? What is a maturity model? What is SAMM? The presentation will explain how SAMM can be used to assess and improve software development security practices, reducing security risk and increasing software assurance, in all sizes of organisation.
Colin Watson’s initial work was in the production and process engineering fields, but since completing an MSc in Computation at the University of Oxford in 1995, he has been employed in web software development, with an increasing focus on the security aspects. He is now a consultant, based mainly in London, working with developers, testers, auditors and people from a non-IT background to improve security practices. Colin joined the OWASP Global Industry Committee in January 2009.

Reminder: Signup for the OWASP Ireland Application Security 2009 Conference is still open.

 


 

Dave

