Teknovis

OWASP (Open Web Application Security Project) is hosting a meeting in Dublin later this month. The talks seem very interesting, and the full details are available in OWASP AppSec 2010 Ireland.

Unfortunately, I will be unable to attend :(

Tags: OWASP

The Register describes some security vulnerabilities in two of Barack Obama’s websites in Congratulations, Barack – Now fix your websites. The most significant security issue that the article highlights is the fact that the administration pages load the Google Analytics JavaScrip file urchin.js. from the Google website. In theory, this means that Google can use this JavaScript file to do almost anything that they want with Barack’s websites. Not a good situation :(

Apparently, many readers did not share the author’s view on this security issue. So the author wrote a follow-up article that provides more details, and opinions of experts from OWASP, in Google Analytics – Yes, it is a security risk.

Independently, it seems that Barack is currently in negotiations in order to continue using his PDA! Apparently, communications devices are banned in the White House, and there are accountability and traceability issues associated with their use! That is an inconvenience! More details about this in Obama tries to stay connected.

Finally, I have heard that a considerable number of websites have appeared that are designed to help the Obama family choose what type of puppy they will get :) Gosh, it must be nice to have enough time to be able to create websites like this!

Tags: Barack Obama, Google, JavaScript, OWASP, PDA, The Register, US Election 2008

A friend informed me that there is an OWASP (Open Web Application Security Project) meeting next week in Dublin. I never heard of this organisation before, but it seems to have good support from its industrial members.

The event is on next Tuesday evening, and there will be three different presentations:

• Potential risks of the offline Internet by David Rook (Realex Payments) and Conor McGoveran (onformonics)
• Internet insecurity and breaking the workflow by Eoin Keary (Ernst and Young)
• Implementing a Risk Based Approach to Developing Applications Securely by John Wood (Fortify)

The event is free, and everybody is welcome! The full event details can be found on the OWASP Ireland Local Chapter web page.

Tags: Ernst and Young, Fortify, Onformonics, OWASP, Realex Payments