
Archive for March, 2007

Eu conf…

Saturday, March 31st, 2007

I missed the opportunity to challenge the OWASP guys at the European Conference next May in Milan.

The CfP document I wrote was really badly written, and the person who reviewed it didn’t miss the chance to point out, in a not so polite way (IMHO, of course), that my written English is bad. That’s OK. I admit it. I was in a big hurry with that document and I missed a good chance… the way it was commented on, however, disappointed me. A comment like “Hey guy, it was badly written and I wasn’t able to understand the point” would have been OK… fooling around with me for my bad English usage wasn’t so good.

But let’s discuss Orizon and safe coding… more interesting. My ideas weren’t so bad, so I think I’ll just keep coding around them. I hope in SoC 2007 at least.

Today I have to participate in a taekwon-do stage… I’ll think about “misspelling the world” during the fight :D

Today’s mantra

Monday, March 19th, 2007

Secure code is also good quality code, but the opposite is not necessarily true.

I hope my customers will understand this mantra someday… before I get too tired of trying to put security into their broken development teams…

Quick updates

Wednesday, March 14th, 2007

I answered the call for the OWASP Spring of Code and the OWASP European Conference.

In the SVN repository there is news in the Orizon world… Bastion.

I figured out, while talking about code review and secure application building, that developers are scared to change a lot of their code to harden it. Sometimes, when they call me in very late development stages, there is no choice but to work hard on the code to improve its security level.

From the considerations arising from discussing code review results, and from the great Paul Bohm speech about application security, I concluded that Orizon has to provide something to put into unsafe code and turn it into “more secure” code with few changes.

The challenge in the Bastion package is to provide people with Java objects they can use, with security checks and sanitize methods embedded into them. Developers using such objects instead of Sun’s regular ones harden their code without changing much.
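To make the idea concrete, here is an added illustration of what such a “hardened object” can look like. It is not Orizon’s Bastion code; the class name `SafeText`, its methods and the whitelist patterns are hypothetical. The point it shows is the one described above: validation happens once, when the untrusted value is wrapped, and every way of reading the value back out is encoded for the context it goes into, so a developer can swap the wrapper in for a plain `String` with very little change to the surrounding code.

```java
// Added illustration of the "hardened object" idea described above.
// This is NOT Orizon's Bastion code; class and method names are hypothetical.
import java.util.regex.Pattern;

/**
 * A drop-in wrapper for untrusted text. Input is validated once, at
 * construction, against an explicit whitelist, and every way of getting
 * the value back out is encoded for the context it will be used in.
 */
public final class SafeText {

    // Hypothetical default whitelist: letters, digits, space and a few punctuation marks.
    private static final Pattern DEFAULT_ALLOWED =
            Pattern.compile("^[\\p{L}\\p{N} .,_@-]{0,256}$");

    private final String value;

    private SafeText(String value) {
        this.value = value;
    }

    /** Validate untrusted input against the default whitelist; reject everything else. */
    public static SafeText of(String untrusted) {
        return of(untrusted, DEFAULT_ALLOWED);
    }

    /** Validate untrusted input against a caller-supplied whitelist. */
    public static SafeText of(String untrusted, Pattern allowed) {
        if (untrusted == null) {
            throw new IllegalArgumentException("input must not be null");
        }
        if (!allowed.matcher(untrusted).matches()) {
            throw new IllegalArgumentException("input rejected by whitelist");
        }
        return new SafeText(untrusted);
    }

    /** Value encoded for insertion into HTML element content or quoted attributes. */
    public String forHtml() {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Raw value, only for sinks that do their own encoding (e.g. a PreparedStatement parameter). */
    public String raw() {
        return value;
    }

    @Override
    public String toString() {
        // Deliberately encoded: accidental string concatenation into HTML stays safe.
        return forHtml();
    }

    public static void main(String[] args) {
        // Constructed sample inputs for the demonstration.
        SafeText name = SafeText.of("Mario Rossi");
        System.out.println("<p>" + name + "</p>");              // <p>Mario Rossi</p>

        // Looser whitelist for a free-text field (anything but control characters);
        // the output is still encoded, so markup in the input is neutralised.
        Pattern freeText = Pattern.compile("^[^\\x00-\\x1f]{0,1000}$");
        SafeText comment = SafeText.of("<b>hello</b> & \"bye\"", freeText);
        System.out.println("<div>" + comment.forHtml() + "</div>");
        // <div>&lt;b&gt;hello&lt;/b&gt; &amp; &quot;bye&quot;</div>

        try {
            SafeText.of("x\u0000y");   // control character: fails the default whitelist
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The design choice worth noting is that `toString()` returns the encoded form rather than the raw value: the common mistake of concatenating a value straight into HTML then fails safe, while code that genuinely needs the raw value (a parameterised query, a log sink with its own escaping) has to ask for it explicitly through `raw()`. Choosing the whitelist per field, as the `freeText` pattern does, is what keeps such a wrapper usable in real applications.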

I think this could be a great direction to go.

That’s why I submitted Orizon to the OWASP EU Conference and to the Spring of Code :)