Glenn Leifheit

Secure Software Development Lifecycle

admin — Fri, 07 May 2010 05:30:31 +0000

I had the opportunity to speak at TechFuse this week here in the Twin Cities. Many thanks to the organizers and sponsors of the event. I presented on The Secure Software Development Lifecycle, a journey to secure software, here are the resources I promised.

Resources:

SANS Internet Storm Center

TechMasters

Iowa Code Camp, a round up

admin — Mon, 03 May 2010 05:03:02 +0000

I had a blast at the Iowa Code Camp this last weekend. Here is a roundup of the presentations I saw:

Arrays, Collections and Hash tables — Oh My! — Jon VonGillern

As usual Jon had an interesting twist to what could be a long presentation. Other than not having the use of a whiteboard this presentation went well. We learned quite a bit and the demos went well.

Kanban to Cash: Stolen Ideas Make a Beautiful Process — Lee Brandt

This was a very informative discussion on lean development, especially focusing on Kanban. Kanban is based on a Toyota manufacturing process, and modified for software development. Lee did a great job with this and I recommend seeing this next time Lee presents it, especially if you lead your software methodology at work.

Intro to WordPress’ architecture and plug-in/theme development — Kenny Younger & Andy Brudtkuhl

This was a great intro to WordPress development. They covered a lot of information very quickly, and gave us some great resources to look at.

I need to secure my code, now what? – Glenn Leifheit

See my previous blog post

Being a Technology Entrepreneur – Scott Davis

This was a fantastic presentation by Scott, to a nearly packed house. He gave great ideas, resources and a great overall discussion on being a technology entrepreneur.

All in all it was a great event, even with both the Chicago Code Camp and Iowa Code Camp on the same day. As a speaker I would also like to thank everyone who came to my session as well. I look forward to seeing everyone in the fall!

I need to secure my code, now what?

admin — Mon, 03 May 2010 04:29:54 +0000

When your suddenly asked to “make your code secure, right now”, you need to know where to go. This presentation is designed to inform the developers, architects and others where to go to find informative resources in secure development. This was last given at the Twin Cities Code Camp and the Iowa Code Camp during April/May 2010.

Additional Resources:

New OWASP Top 10 Release Candidate Released for 2010!

admin — Mon, 16 Nov 2009 05:57:32 +0000

OWASP Released a new version of their OWASP Top 10 in a Release Candidate has been released, just in time for 2010. A copy of this can be found here. OWASP releases a Top 10 list periodically of the tem most critical web application security risks. There were two new entries:

Security Misconfiguration was added at #6
Unvalidated Redirects and Forwards at #8

Removed were:

Malicious File Execution – Still a problem but appears to be under control more then the other 10.
Information Leakage and Improper Error Handling – Also appears to be under some control compared to the rest of the top 10.

NOTE: Just because Malicious File Execution and Information Leakage and Improper Error Handling have been removed from the top 10 does not mean that they are not important to take care of. It just means they are more understood now and happen much less then they did in 2007.

For more information on the OWASP top 10 visit OWASP at http://www.owasp.org.

Where should you start with web security

admin — Mon, 16 Nov 2009 05:15:24 +0000

When I first started looking into security within web applications years ago there really was no resource that you could take advantage of. This has now changed with OWASP. Their mission is to make application security visible, so that people can make informed decisions. OWASP is a 5013c organization using mostly volunteers. They have over 130 local chapters worldwide that hold meetings to discuss application security, some chapters hold conferences as well. They have over 100 projects in many stages, all carrying the goal of improving application security. OWASP also creates a large number of tools and guides to encourage building applications more securely. The OWASP Development Guide, and the OWASP top ten are essential reading for developers. Other projects such as OWASP’s Enterprise Security API (ESAPI) and WebGoat are also essential tools in web security. I will be posting articles that talk about each of their projects over the next few months. I encourage you to check out your local OWASP Chapter.

Welcome

admin — Mon, 28 Sep 2009 01:01:39 +0000

Welcome to GlennLeifheit.com I will be posting information and discussions on information security, software security, and other miscellaneous Technology topics. Enjoy!