Getting multiple GitHub accounts on one Linux/WSL machine – 2023 update

Introduction I wrote the original version of this blogpost almost a year ago when I got a new laptop. The post offered a few options although in the end I only used the 3rd option. Also, during 2022, git added support for SSH commit signing and so did GitHub which significantly simplifies the process of … Continue reading Getting multiple GitHub accounts on one Linux/WSL machine – 2023 update →

Discover your inner security engineer with this one weird trick (hackers hate it!)

In 2022 I prepared a talk, aimed at non-security people working on building software such as developers and DevOps engineers. The aim was to introduce them to some key ways in which OWASP can help them level up their security knowledge and practices for either free or very cheap.

Tune your Toolbox – Building a high-value AppSec scanning programme.

I am delivering training courses on how to build effective processes around application security scanning tools as part of my work for Bounce Security. The course’s official name is “Building a High-Value AppSec Scanning Programme” and it’s unofficial, more fun but less descriptive name is “Tune your Toolbox for Velocity and Value”. This post will serve as a way of getting more information about the course.

Getting multiple GitHub accounts on one Linux/WSL machine

BEFORE YOU START READING I created an updated version of this post for 2023 which focuses on the easiest method of setting this up, uses SSH commit signing instead of GPG which also significantly simplifies things and fixes a few errors. So if you are looking for an easier solution then you might want to … Continue reading Getting multiple GitHub accounts on one Linux/WSL machine →

5 reasons to attend an OWASP Global Event

I recently had the privilege of attending and speaking at the OWASP AppSec USA 2018 conference in San Jose, California, one of OWASP'S global events. This was the first time I had attended a OWASP global event despite having attended chapter meet-ups and regional conferences so I wanted to take this opportunity to pull out some of my highlights.

Security through Non-testability

There are some great security technologies out there to act as a defensive layer in front of your application. However, if you want an efficient application security test, I would strongly suggest that you disable them for your tester unless you are looking for some really niche, edge-case bugs.

Setting up an OWASP Juice Shop CTF

I recently used the very excellent OWASP Juice Shop application developed by the very excellent Björn Kimminich to run an internal Capture the Flag event (CTF) for my department. It went really well and got really good feedback so I thought I would jot down some practical notes on how I did it.