Thursday, September 26, 2013

Scaling Web Security - JavaOne Security Talk

This week I spoke at JavaOne on scaling web security programs. It was a great event and I enjoyed the chance to speak to a great crowd of developers and security individuals.

Presentation below. Enjoy.

-Michael Coates - @_mwc

Tuesday, September 24, 2013

Moderated Application Security News Feed from OWASP

OWASP's moderated application security news feed has returned! We have a new RSS link, so please update your RSS readers with the new information.

The Feed:
Syndicated on Twitter: @OWASP_feed

Know of a good application security blog that should be included? Please submit it for consideration here. Lastly, OWASP is free and open so if you're curious how the AppSecNews feed is run then check out the details here.

Many thanks to Jeff Williams for running the AppSecNews feed for the first 8 years. Thanks also to Jim Manico and Sarah Baso for investigating various platforms to restart the new AppSecNews feed!

-Michael Coates - @_mwc

Tuesday, September 17, 2013

OWASP Bay Area - Social Hour in Mountain View on 9/25

Our first Bay Area OWASP social hour(s) will be in Mountain View on Wednesday, September 25th and will be hosted by Shape Security.

The event starts at 5:30pm. Swing by for an after-work drink or join us when that last late-day meeting ends.
Please RSVP so we can gauge attendance.

The purpose of the OWASP social gathering is:
- informal security chat - the benefits of "hallway con" and security talk with others in the industry
- networking - meet other people in the field and industry
- a nice break after a long work day

Note: These events won't have any formal presentations. They're meant to be social gatherings to meet others in the industry and chat about security. Check our quarterly OWASP Bay Area schedule for the security presentation events.
Is your organization interested in hosting an OWASP social hour in the Bay Area (San Francisco, South Bay, East Bay)? Contact

-Michael Coates - @_mwc

Wednesday, September 4, 2013

OWASP Framework Security Project

The most effective way to bring security capabilities to developers is to have them built into the framework.

With the above goal I've started the OWASP Framework Security Project.

Get Involved
Please join the mailing list or jump in and start contributing to the wiki

What is the OWASP Framework Security Project?
The OWASP Framework Security Project focuses on understanding missing security controls within popular frameworks, and coordinating with developers and the framework leaders to effectively integrate the missing security controls. This project requires collaboration between security experts, security-minded developers, and framework developers and leaders. The primary deliverable of this project is source code that is accepted into frameworks. The OWASP Framework Security Project will maintain documentation to indicate which security controls have been accepted, and links to code and documentation at each framework.

  • Framework Developers - We need your help to build the security controls that will get accepted upstream into the framework. You have the best knowledge of development practices, code style, and the framework itself to get new code accepted.
  • Security Professionals - We need you to help research and catalog available security controls in various frameworks. Our goal is to produce a clear matrix of available and missing security controls by framework.
  • Framework Leaders - Do you lead a key portion of a framework? Let's work together to understand the best way to get new security controls added.

-Michael Coates - @_mwc