One does not simply implement passkeys

Cover image by Neil Moralee: https://www.flickr.com/photos/neilmoralee/49777943373/in/photostream/

(Thanks to Michal Kamensky for proof-reading and providing feedback and discussion on this post 😀)

Table of Contents: Introduction; Detailed walk-through; The chosen example; Part 1 Creating a mobile passkey Native App on Android; Now, where are my keys?; Part 2 Creating a passkey on Windows; Firefox on Windows 11; Chrome on Windows 11; Part …

5 Product Security talks that caught my eye on the Black Hat USA 2023 schedule.

Introduction

We are just a few short weeks away from Black Hat USA 2023. I'm really looking forward to attending in person for the first time to deliver my training course, “Building a High Value AppSec Scanning Programme”. (Tickets are still available for this, and ticket prices go up on Friday, so you should definitely register …

Five Black Hat USA courses that caught my eye, (#5 won’t shock you at all!)

Seems like a long way away but, believe it or not, preparations for Black Hat USA 2023 are well underway! In particular, tickets for Black Hat’s highly sought-after training courses are already on sale and doing brisk business. While preparing for my course, Building a High Value AppSec Scanning Programme, I’ve had a little …

Getting multiple GitHub accounts on one Linux/WSL machine – 2023 update

Introduction

I wrote the original version of this blogpost almost a year ago when I got a new laptop. The post offered a few options, although in the end I only used the 3rd option. Also, during 2022, git added support for SSH commit signing and so did GitHub, which significantly simplifies the process of …

Building a high-value AppSec scanning programme.

I am delivering training courses on how to build effective processes around application security scanning tools as part of my work for Bounce Security. The course’s official name is “Building a High-Value AppSec Scanning Programme” and its unofficial, more fun but less descriptive name is “Tune your Toolbox for Velocity and Value”. This post will serve as a way of getting more information about the course.

Getting multiple GitHub accounts on one Linux/WSL machine

BEFORE YOU START READING

I created an updated version of this post for 2023, which focuses on the easiest method of setting this up, uses SSH commit signing instead of GPG, which also significantly simplifies things, and fixes a few errors. So if you are looking for an easier solution then you might want to …