Tuesday, July 26, 2011

Summer of Tech - Web Security (Gum) Bootcamp

Kirk and Andy presented a Web Security (Gum) Bootcamp session at the Wellington Summer of Tech:
Get ya boots on for a true down-and-dirty hands-on web-security session with Kirk and Andy from Aura InfoSec. 
This session will cover what's out there in the wild attacking your websites, why you should care and YES there are things you can do about it. 
For starters, if you plan to ever own, develop, design, maintain, host, work-on-in-any-way or in fact even browse-to a website at some point in your life, then you must attend this web-sec bootcamp! 
Download the slides: 2011-07-26-SummerOfTech.pdf (4mb)

Thursday, July 14, 2011

WDCNZ - Web Security: Get Ahead(er)

Kirk Jackson presented at the inaugural WDCNZ conference in Wellington.
Web Security - Get ahead (er)
This talk covered new browser support for Content Security Policy and HTTP Strict Transport Security headers, as well as miscellaneous other web security techniques to protect your applications from XSS, man-in-the-middle and other attacks.

Download the slides: KirkJackson-WDCNZ-GetAHeader-online.pdf (1.3mb)

Thursday, July 7, 2011

OWASP NZ - File Uploads

Kirk Jackson presented at the 2011 OWASP NZ Day. The talk was titled "File Uploads are EVIL!".

Allowing users to upload files to your website and later download them is complicated to get right. In this talk, Kirk tried to distill some of the knowledge and experience collected during penetration testing of client applications and give advice on how to safely receive, store and return user-generated files.

Download the whitepaper: OWASP_NZDay_2011_KirkJackson_FileUploadConsiderations.pdf