Monday, November 24, 2008

Missed the event? - OWASP Portugal Results

If you missed the 2008 OWASP EU Summit held in Portugal then check out these links to get a better idea of the results.

OWASP Summit Press Release (docx) (google docs link)

Creation of Global Committees

Tools and Projects Launched (docx) (google docs link)

The final schedule of talks and working sessions

-Michael Coates

Friday, November 21, 2008 SSL Error? uses an invalid security certificate.

The certificate is only valid for

(Error code: ssl_error_bad_cert_domain)


In all fairness, this is not implying that the site is compromised. But it is poor SSL practice to have a mismatched domain name. And really, can't the white house spring the extra few bucks to get their own certificate?

Jan 24, 09

Looks like they fixed the above issue on Dec 22, 08. However, they introduced a new problem: uses an invalid security certificate.

The certificate is only valid for

(Error code: ssl_error_bad_cert_domain)

-Michael Coates

Monday, November 10, 2008

Back from OWASP Portugal

I just recently returned from a great week in Portugal. The OWASP Europe Summit attracted nearly 100 of the top leaders in OWASP from around the world. In short, the conference was great! I highly encourage anyone involved in OWASP to keep their eyes out for future OWASP events.

The great thing about this conference was that it was almost exclusive to OWASP leaders and the objective was on building OWASP. The security talks were short, only 15 minutes, and focused on the results of the Summer of Code projects.

A large amount of time was dedicated to working sessions. During these 2 hour sessions, focused groups of application security experts tackled difficult issues facing the security community. I took part in two of the Intrinsic Security Working Group sessions (Browser Security, Framework Security). Both sessions were led by Arshan and I am looking forward to more work with this group.

The venue itself was very nice. I was fortunate enough to explore the town and a couple nearby citites. I'll try and get some pictures posted soon.

Overall, this conference was a huge step forward for OWASP. If you're not involved yet, its time to get your things together and check out this organization. There are some really great things coming down the pipe.

Lastly, a huge thanks to everyone on the OWASP Europe planning team (Dinis, Paulo, Sarah, Kate, Anna, Martin and a bunch more). They really worked hard and put together an amazing event.