Friday, October 24, 2008

OWASP

The 23th of October I went to a OWASP meeting. If you're thinking about going to one, don't hesitate it is worth your time.


The first talk was "Building a tool for Security consultants: A story of a customized source code scanner" by Dinis Cruz. Even when you are not immediately going to audit code, it is worth to go and listen to Dinis. Although I just program for me, I still like to do it secure and the ideas I picked up are surely going to help me doing so.


The second talk was "Logging: not just a good idea" by Eddy Vanlerberghe. I didn't know what to expect from this talk and it wasn't the greatest presentation ever but it was ok. The fact is that we have to think about our logs, the way we store them and do the exercise to correlate logs of different systems to present as proof in a court of law. It is not so easy since you have to prove that your logs are genuine before you can use them and then there is the correlation.


If you're intrested in OWASP presentations you can go to the website www.owasp.tv there you can find up to 40 hours of presentations.

No comments: