infosec

Conference - OWASP New Zealand Day

The seventh OWASP New Zealand Day conference, held at the University of Auckland.

Captcha Considerations

A lack of captchas is a risk, but so are captchas themselves...

Talk - Password Profiling, Brute Forcing

Kim talks with his fellow Toastmasters about profiling people's passwords and then brute forcing web applications with the shortlist of guessed passwords.

Talk - Infectious Media with Rubber Ducky

Kim talks with his fellow Toastmasters about the risks and countermeasures of luring targets to execute infectious media on their devices.

Lack of Visibility in Web Applications

Not being able to introspect your application at any given time, or to know its health status, is not a comfortable place to be, and there is no reason you should be there.

Consuming Free and Open Source

Redirects to legacy blog post. This is where A9 (Using Components with Known Vulnerabilities) of the 2013 OWASP Top 10 comes in. We are consuming far more free and open source libraries than we ever have before. Much of the code we are pulling into our projects is never intentionally used, but is still adding surface area for attack. In this post we address the risks and countermeasures.

Talk - The Exploited & the Exploiters

Taking the perspective of the penetration tester hired in by the target to find the defects in their security defences before the cyber criminals do.

Risks and Countermeasures to the Management of Application Secrets

Redirects to legacy blog post.

Talk - 0wn1ng The Web

At Functional Christchurch, due to popular demand. Taking the perspective of the penetration tester hired in by the target to find the defects in their security defences before the cyber criminals do.

Talk - 0wn1ng The Web

At Test Professionals Network Christchurch, due to popular demand. Taking the perspective of the penetration tester hired in by the target to find the defects in their security defences before the cyber criminals do.