Holistic Info-Sec for Web Developers

A three part book series focused on lifting the security knowledge of Software Developers, Engineers, and their teams, so that they can continuously deliver secure technical solutions on time and within budget, without nasty surprises. First book is complete, second book is content complete and currently in technical review.

Talk - What's Our Software Doing With All That User Input

At OWASP NZ Day: What are we doing with all the characters that get shoved into our applications? Have we considered every potential execution context?

Workshop - Security Testing with Kim Carter

At ANZTB: Hands-on insight into security testing. Kim will discuss some of the more common security vulnerabilities being found in today’s software implementations, and will demonstrate ways of testing them.

Sanitising User Input from Browser part 2

Redirects to legacy blog post. Untrusted data (data entered by a user), should always be treated as though it contains attack code. This data should not be sent anywhere without taking the necessary steps to detect and neutralise the malicious code.