information-security

Workshop - Holistic Info-Sec for Web Developers

At CampJS, Melbourne, Australia: Join Kim in the exploration into an insightful set of steps he has learned, from an architectural perspective down to the zeros and ones. Also providing insights of how attackers of your systems think.

Talk - Does Your Cloud Solution Look Like a Mushroom

Saturn Architect Conference, Baltimore, MD, USA: Drawing from Kim's recent blog post "[Journey to Self Hosting](https://binarymist.wordpress.com/2014/11/29/journey-to-self-hosting/)" and many more resources for some high-level ideas about cloud solutions. Kim will discuss what's good and what's not good about "the Cloud".

Conference - OWASP New Zealand Day

The sixth OWASP New Zealand Day conference, held at the University of Auckland.

Talk - What's Our Software Doing With All That User Input

At OWASP NZ Day: What are we doing with all the characters that get shoved into our applications? Have we considered every potential execution context?

Kali Linux Review

PenTest Magazine article by Kim.

Workshop - Security Testing with Kim Carter

At ANZTB: Hands-on insight into security testing. Kim will discuss some of the more common security vulnerabilities being found in today’s software implementations, and will demonstrate ways of testing them.

Sanitising User Input from Browser part 2

Redirects to legacy blog post. Untrusted data (data entered by a user), should always be treated as though it contains attack code. This data should not be sent anywhere without taking the necessary steps to detect and neutralise the malicious code.

Sanitising User Input from Browser part 1

Redirects to legacy blog post. I was working on a web based project recently where there was no security thought about when designing, developing it. The following outlines my experience with retrofitting security. It’s my hope that someone will find it useful for their own implementation.

Using PSCredentials

Redirects to legacy blog post. I’ve been working on a small project that shuts down machines attached by network and of course power feed to an APC Smart-UPS. The code that was shutting down the guests required authentication to be passed to the receiving services.