Friday, February 3, 2012

Security & Health Care Startups

Two weeks ago I had the opportunity to speak at Rockhealth's Health Innovation Summit held here in San Francisco.  This was a great conference that brought together many developers and health care tech startups that are looking to revolutionize the way health care is managed throughout the US and the world.

I led an application security workshop where participants where able to setup a virtual testing environment on their laptop and understand critical web application security vulnerabilities through hands-on hacking exercises.  We covered topics such as cross site scripting, access control, cross site request forgery and sql injection.  We had a few minutes left over and even jumped into clickjacking too.

The lab used the OWASP BWA virtual machine and we focused on the OWASP Webgoat security learning software.  My slides are currently built with screenshots using burp proxy, but I'll be updating those soon to switch over to OWASP ZAP Proxy.

The event was fantastic and there was a lot of positive feedback and great questions during and after the workshop.  I'm working with representatives from rock health to identify other ways that OWASP can continue to participate in their developer meetings in the future.

Slides and instructions for setting up the lab are online here.

-Michael Coates - @_mwc