I've survived yet another Blackhat Europe... actually, part of me probably perished in the streets of Amsterdam, but that's a story for the bars. I'll be in San Francisco next week speaking at the RSA Conference. I plan on attending the WASC RSA meetup and the iSEC Forum and Social (I love the iSEC parties!). If you see me out and about, hit me up and we'll talk security over a few drinks!
Also, I was sent a link to a collection of secure development videos from a co-worker. The videos cover a wide range of topics such as "How do I: Prevent a SQL Injection Security Flaw in an ASP.NET Application" all the way to "How Do I: Use Managed Cards in Windows CardSpace to Increase the Security of My Web Site". The videos are a great place for any budding developer to explore some Secure Development techniques. I like the videos because many of them address security-related questions that I get all of the time and serve as an excellent remediation tool. The vids are by no means a comprehensive guide to Secure Development, nor are they a replacement for a formal SDL, but they can be a great training tool and have a lot of value.
Last item for the day... I'm a big fan of the Harvard Business Review (HBR). Usually, the articles contained within HBR have nothing to do with information security (or even computers for that matter). In the latest issue, there is a piece entitled "Radically Simple IT", which outlines some interesting strategies for IT projects at the enterprise level (path-based approach). It's an interesting article and if you're considering implementing any medium- to large-size IT project, you should definitely give it a read.