information-security

Consuming Free and Open Source

Redirects to legacy blog post. This is where A9 (Using Components with Known Vulnerabilities) of the 2013 OWASP Top 10 comes in. We are consuming far more free and open source libraries than we ever have before. Much of the code we are pulling into our projects is never intentionally used, but it still adds attack surface. In this post we address the risks and countermeasures.

Talk - The Exploited & the Exploiters

Taking the perspective of the penetration tester hired in by the target to find the defects in their security defences before the cyber criminals do.

Risks and Countermeasures to the Management of Application Secrets

Redirects to legacy blog post.

Talk - 0wn1ng The Web

At Functional Christchurch, due to popular demand. Taking the perspective of the penetration tester hired in by the target to find the defects in their security defences before the cyber criminals do.

Talk - 0wn1ng The Web

At Test Professionals Network Christchurch, due to popular demand. Taking the perspective of the penetration tester hired in by the target to find the defects in their security defences before the cyber criminals do.

Talk - 0wn1ng The Web

At CHCH.js Christchurch, due to popular demand. Taking the perspective of the penetration tester hired in by the target to find the defects in their security defences before the cyber criminals do.

Talk - 0wn1ng The Web

At WDCNZ: Kim discusses and demonstrates how JavaScript can be used for good and evil.

Talk - Does Your Cloud Solution Look Like a Mushroom

At Dot Net User Group, Christchurch, due to popular demand this presentation is being run again. Drawing from Kim's recent blog post "[Journey to Self Hosting](https://binarymist.wordpress.com/2014/11/29/journey-to-self-hosting/)" and many more resources for some high-level ideas about cloud solutions. Kim will discuss what's good and what's not good about "the Cloud".

Talk - Does Your Cloud Solution Look Like a Mushroom

At OWASP meetup, Christchurch, due to popular demand this presentation is being run again. Drawing from Kim's recent blog post "[Journey to Self Hosting](https://binarymist.wordpress.com/2014/11/29/journey-to-self-hosting/)" and many more resources for some high-level ideas about cloud solutions. Kim will discuss what's good and what's not good about "the Cloud".

Talk - Passwords 101

In this 5 – 7 minute talk, Kim demonstrates (hands on) how easy it can be to compromise passwords using a collection of techniques. Kim discusses how most developers are failing at keeping their end users safe.