I am delivering training courses on how to build effective processes around application security scanning tools as part of my work for Bounce Security. The course’s official name is “Building a High-Value AppSec Scanning Programme” and it’s unofficial, more fun but less descriptive name is “Tune your Toolbox for Velocity and Value”. This post will serve as a way of getting more information about the course.
Introduction I recently had to set up a new laptop and one of the things I wanted was the ability to have both my work and personal GitHub accounts set up on one Linux environment, (more specifically WSL). I also wanted to ensure that at least my personal commits were signed using a GPG key … Continue reading Getting multiple GitHub accounts on one Linux/WSL machine
I recently had the privilege of attending and speaking at the OWASP AppSec USA 2018 conference in San Jose, California, one of OWASP'S global events. This was the first time I had attended a OWASP global event despite having attended chapter meet-ups and regional conferences so I wanted to take this opportunity to pull out some of my highlights.
There are some great security technologies out there to act as a defensive layer in front of your application. However, if you want an efficient application security test, I would strongly suggest that you disable them for your tester unless you are looking for some really niche, edge-case bugs.
I recently used the very excellent OWASP Juice Shop application developed by the very excellent Björn Kimminich to run an internal Capture the Flag event (CTF) for my department. It went really well and got really good feedback so I thought I would jot down some practical notes on how I did it.
Some *completely unofficial* answers to questions about OWASP and the AppSecEU 2018 debacle based purely on publicly available information.
Whilst most people were preparing for the festive season, in a shock move OWASP decided to suddenly claw back its flagship conference from the hugely successful OWASP Israel chapter and hold it in the UK (again) instead.