Tuesday, December 9, 2014

OWASP Bay Area - Now with a meetup group

Are you in the Bay Area and interested in application security? The local OWASP chapter now has a meetup group. Just join the group and you'll be notified of all the great upcoming events. The events rotate throughout the Bay Area so we can attract a variety of attendees.

meetup.com/Bay-Area-OWASP/

Also, keep an eye out for what's happening in September. The big OWASP AppSecUSA conference will be hosted here in San Francisco! Mark your calendars now (and buy a discounted early bird ticket) at AppSecUSA.org.


-Michael Coates - @_mwc

Monday, September 15, 2014

OWASP AppSensor Book Signing at AppSecUSA


Join me at OWASP AppSecUSA for a free signed copy of the new OWASP AppSensor Book. I’ll be at the Shape Security booth in the expo area on Thursday afternoon at 4pm.


New to AppSensor? 
Imagine if your application could detect a threat before your system and data are breached and automatically ban that user from your application. In short, this is what AppSensor can accomplish.

AppSensor is a free and open source project that provides a framework to equip your application with an advanced defense system. This defense system enables your application to understand malicious activity and respond in real time to protect your sensitive assets and data.

How is this different than traditional IDS and WAFs? 
Generic systems can only detect generic attacks. Your application is unique and needs a defensive system that can detect unique attacks targeting your business logic and access control system. Since AppSensor is built inside your application you have full visibility to any malicious activity or probes attempting to compromise your application.


Stop by the Shape Security booth for a free signed copy of the AppSensor book!


-Michael Coates - @_mwc

Tuesday, August 12, 2014

Has OWASP Helped You? Retweet and help OWASP





-Michael Coates - @_mwc

Thursday, July 17, 2014

Google's Project Zero

Google recently announced Project Zero, an initiative “to significantly reduce the number of people harmed by targeted attacks”. Project Zero is inverting the traditional bug bounty program, and there are many positive elements to this new initiative. I'm a big proponent of bug bounty programs and worked with them closely at Mozilla (Mozilla created the first major bug bounty program for Firefox in 2004).

In addition to the positive elements, I also got a chance to discuss some of the challenges Project Zero may face with Antone Gonsalves (@antoneg) at csoonline.com:


Google bug-hunting Project Zero could face software developer troubles,
Antone Gonsalves | CSO | Jul 16, 2014



-Michael Coates - @_mwc

Thursday, April 17, 2014

Avoiding The Next Heartbleed - LinkedIn Publish

Avoiding The Next Heartbleed
 
How should companies learn from Heartbleed to be better prepared for the next major security event?

Full story
https://www.linkedin.com/today/post/article/20140417203003-8374308-avoiding-the-next-heartbleed





-Michael Coates - @_mwc