information-security

Workshop - Security Regression Testing with ZapAPI and NodeGoat

At CHC.js Kim will demonstrate the OWASP Zap API with NodeGoat, which helps you identify vulnerabilities in your web application as you create it, rather than at the end of a project.

Workshop - Holistic Info-Sec for Web Developers

AusCERT hands-on threat modelling, attack and defence strategy training for Web Developers wishing to understand their attackers better, stay ahead of them and create cost-effective defence strategies.

Workshop - Tools, Password Profiling, Brute Forcing

Kim will take ISIG through the [collection of tools](https://f0.holisticinfosecforwebdevelopers.com/chap05.html#tooling-setup) added and configured on his penetration testing machine used throughout his book series ([Holistic Info-Sec for Web Developers](https://www.holisticinfosecforwebdevelopers.com)). Kim will then profile a well-known celebrity's password, creating a short-list, then (on-line) brute force their login. Come along, it’ll be fun.

Security Review, Penetration Testing

You need to be sure that what your development team(s) are creating is going to withstand the onslaught of those tasked with breaking your deliverables and stealing your customers' data. Your customers want to be certain that their personal data is secure. You need your product to stand up to those who are going to attack it.

InfoSec for Developers

Carl and Richard talk with Kim Carter about his experience in helping developers grasp information security and successfully employ it within their teams.

Conference - OWASP New Zealand Day

The seventh OWASP New Zealand Day conference, held at the University of Auckland.

Workshop - Holistic Info-Sec for Web Developers

Kiwicon hands-on threat modelling, attack and defence strategy training for Web Developers wishing to understand their attackers better, stay ahead of them and create cost-effective defence strategies.

Talk - Password Profiling, Brute Forcing

Kim talks with his fellow Toastmasters about profiling people's passwords and then brute forcing web applications with the shortlist of guessed passwords.

Talk - Infectious Media with Rubber Ducky

Kim talks with his fellow Toastmasters about the risks and countermeasures of luring targets to execute infectious media on their devices.

Lack of Visibility in Web Applications

Not being able to introspect your application at any given time, or to know what its health status is, is not a comfortable place to be, and there is no reason you should be there.