Saturday, September 15, 2012

in2securITy - Secure Software Development

in2securITy is a non-profit educational group run by security folk in NZ, with the aim of helping those new to the security profession get enthusiastic and gain the skills to find a job.

Kirk spoke at the Wellington leg of the in2securITy national tour on the topic of Secure Software Development.

This was a 30-minute talk discussing the typical software development lifecycle, and the different security tasks and discussions that could fit in along the way. He also advocated the role of "Security Champion" within project teams, and encouraged folks to speak up when they see security issues in the making.

Download the slides here: 2012-09-08-in2securITy.pdf (5mb)

The Microsoft Security Development Lifecycle is a well-regarded process used by large companies such as Microsoft and Adobe to add security into their software product lifecycle.

Friday, September 7, 2012

TechEd 2012 - Hack-Ed: Mobile Security

Andy Prow and Kirk Jackson presented at Microsoft TechEd NZ. The third talk was titled: Hack-Ed - Mobile Security
With millions of devices with more features, and more apps with more functions, and more users with more needs, and more developers with more ideas, and more tools with more power, and more hackers with more to gain... we need to make sure we get mobile app security nailed! Come along and see what security is being provided for you, and what things you need to take care of!
Download the PDF: 2012-SIA302-MobileSecurity-AndyProw-KirkJackson.pdf (20.6mb)

Thursday, September 6, 2012

TechEd 2012 - Hack-Ed: Design for Attack

Andy Prow and Kirk Jackson presented at Microsoft TechEd NZ. The second talk was titled: Hack-Ed - Design for Attack
Whether mobile, web, Windows client or server app; whether banking software or social app; whether internal corporate users only or open to all on the internet; your apps will be attacked. So, how do you design and architect the applications from the ground up to stop attacks, log and monitor attacks, and alert those who need to know? This session will ensure you're correctly considering all components so you can confidently know if you've been compromised, when, by whom, and what they did.
Download the PDF: 2012-ARC401-DesignForAttack-AndyProw-KirkJackson.pdf (18.7mb)

Wednesday, September 5, 2012

TechEd 2012 - Hack-Ed: From the Trenches

Andy Prow and Kirk Jackson presented at Microsoft TechEd NZ. The first talk was titled: Hack-Ed - From the Trenches

We all know that we need to make sure our apps are secure. We all hear about hacks in the news, whether privacy breaches, denial-of-service attacks or credit card fraud. But often those stories are a little detached from the day-to-day development that we do. This session will uncover some stories from the trenches to try and highlight the real attacks that go on in the real world, and why none of our systems are immune. It will also uncover some very real mistakes we see people making in the wild!

2012 Speakers - Day 1

Download the over-sized PDF: 2012-SIA201-FromTheTrenches-AndyProw-KirkJackson.pdf (20.5mb)