Category · Conferences

Down the Rabbithole Podcast

posted on Oct 12, 2011 by Rohit Sethi Comments:0

I had the privilege of sitting down with Rafal Los & Glenn Leifheit at OWASP AppSecUSA 2011 in Minneapolis to talk about how we can embed security in QA. Raf was nice enough to record our conversation on his popular Podcast series, Down the Rabbithole. We are big fans of finding practical, repeatable ways to build…

Mobile Security Presentations from ToorCon and MISTI

posted on Oct 11, 2011 by seccom Comments:0

Max Veytsman and Subu Ramanathan have just returned from presenting mobile security talks at ToorCon in San Diego and the MISTI Mobile and Smart Device Conference in Atlanta. The talks were entitled “Bust a Cap in an Android App” and “DEEP DIVE: Pentesting the Android and iPhone”. Both slide decks are available below: Download “DEEP…

JSF Security Presentation

posted on Aug 31, 2011 by Krishna Raja Comments:0

Recently, my colleague Rohit Sethi and I presented JSF Security at Source Conference in Seattle. Among other things, we discussed JSF input validation using the Reference Implementation (Mojarra), Apache MyFaces, and using JSF 2.0. We also covered integrating OWASP ESAPI into a JSF application to protect against authorization attacks and CSRF. Presentation slides and a video have now been posted. Enjoy!

Security Compass at RSA

posted on Jan 14, 2010 by Rohit Sethi Comments:0

This year we’ll be returning to RSA to deliver a couple of 1-day training classes: application security hands-on and database security hands-on. Both are introductory courses that aim to get students ramped up quickly on these important topics. Know anyone who’s interested?

OWASP DC

posted on Aug 24, 2009 by Rohit Sethi Comments:0

Come check us out at OWASP DC. We’ll be speaking on the Security Analysis of Core J2EE Patterns and teaching classes on Threat Model Express and Java Source Code Review