OWASP AppSensor Book Signing at AppSecUSA

Join me at OWASP AppSecUSA for a free signed copy of the new OWASP AppSensor Book. I’ll be at the Shape Security booth in the expo area on Thursday afternoon at 4pm.

New to AppSensor? 
Imagine if your application could detect a threat before your system and data are breached and automatically ban that user from your application. In short, this is what AppSensor can accomplish.

AppSensor is a free and open source project that provides a framework to equip your application with an advanced defense system. This defense system enables your application to understand malicious activity and respond in real time to protect your sensitive assets and data.

How is this different from traditional IDS and WAFs? 
Generic systems can only detect generic attacks. Your application is unique and needs a defensive system that can detect the unique attacks targeting your business logic and access control system. Since AppSensor is built inside your application, you have full visibility into any malicious activity or probes attempting to compromise your application.
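To make the "detection inside the application" idea concrete, here is a small added example (not AppSensor's own code or API): a business-logic endpoint that owns an access-control detection point, a per-user sliding-window counter, and an automatic lockout once a threshold is crossed. The detection point label, the threshold, the invoice table and the user names are all constructed for the illustration.

```python
"""Minimal illustration of the AppSensor idea: detection points inside the
application, per-user event counting, and an automatic response.
Constructed example; detection point labels and thresholds are hypothetical,
not AppSensor's own identifiers or defaults."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class DetectionPoint:
    label: str           # hypothetical label (not an AppSensor identifier)
    threshold: int       # events within the window that trigger the response
    window_seconds: int  # sliding window length
    response: str        # "log", "warn" or "lockout"


@dataclass(frozen=True)
class Event:
    user: str
    point: str
    timestamp: float


class AppSensorLite:
    """Collects events from in-app detection points and decides responses."""

    def __init__(self, points):
        self.points = {p.label: p for p in points}
        self.events = defaultdict(deque)   # (user, label) -> timestamps
        self.locked = set()
        self.responses = []                # (user, label, response) history

    def is_locked(self, user):
        return user in self.locked

    def record(self, event):
        """Store the event; return the response name if a threshold is crossed."""
        point = self.points[event.point]
        window = self.events[(event.user, event.point)]
        window.append(event.timestamp)
        cutoff = event.timestamp - point.window_seconds
        while window and window[0] < cutoff:   # drop events outside the window
            window.popleft()
        if len(window) < point.threshold:
            return None
        self.responses.append((event.user, event.point, point.response))
        if point.response == "lockout":
            self.locked.add(event.user)
        window.clear()                          # start a fresh count
        return point.response


INVOICES = {"inv-1": "alice", "inv-2": "bob"}   # constructed: invoice -> owner


def view_invoice(sensor, user, invoice_id, now):
    """Business-logic endpoint with an access-control detection point."""
    if sensor.is_locked(user):
        return "locked"
    owner = INVOICES.get(invoice_id)
    if owner != user:
        # A user is reading invoices that are not theirs: a WAF cannot see
        # this, the application can. Record it and deny the request.
        sensor.record(Event(user, "ACCESS_VIOLATION", now))
        return "denied"
    return "ok"


def run_demo():
    sensor = AppSensorLite([
        DetectionPoint("ACCESS_VIOLATION", threshold=3, window_seconds=60,
                       response="lockout"),
    ])
    outcomes = [
        view_invoice(sensor, "alice", "inv-1", 0.0),    # own invoice
        view_invoice(sensor, "alice", "inv-2", 1.0),    # bob's invoice
        view_invoice(sensor, "alice", "inv-2", 2.0),
        view_invoice(sensor, "alice", "inv-2", 3.0),    # third hit: lockout
        view_invoice(sensor, "alice", "inv-1", 4.0),    # even own data is blocked
    ]
    return {"outcomes": outcomes, "locked": sensor.is_locked("alice"),
            "responses": sensor.responses}


if __name__ == "__main__":
    print(run_demo())
```

The point of the layout is that the detection logic lives next to the authorization check, so the signal is "this authenticated user asked for another user's record", not a generic pattern match on the request; the sliding window keeps a single mistaken click from triggering the response while a run of them does.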

Stop by the Shape Security booth for a free signed copy of the AppSensor book!

Has OWASP Helped You? Retweet and help OWASP

Google's Project Zero

Google recently announced Project Zero, an initiative “to significantly reduce the number of people harmed by targeted attacks”. Project Zero inverts the traditional bug bounty program, and there are many positive elements to this new initiative. I'm a big proponent of bug bounty programs and worked with them closely at Mozilla (Mozilla created the first major bug bounty program for Firefox in 2004).

In addition to the positive elements, I also got a chance to discuss some of the challenges Project Zero may face with Antone Gonsalves (@antoneg) in:

Google bug-hunting Project Zero could face software developer troubles,
Antone Gonsalves | CSO | Jul 16, 2014

Avoiding The Next Heartbleed - LinkedIn Publish

Avoiding The Next Heartbleed
How should companies learn from Heartbleed to be better prepared for the next major security event?

Full story

Discussing Heartbleed

There's plenty of information out there about Heartbleed. I posted a high level analysis on the Shape blog and there's also an OWASP page up on the topic.

Over the past week I had the opportunity to speak with several organizations about the vulnerability, what is at stake and how organizations should be defending their applications and users.
