DJ Bri T.net The blog and portfolio of Brian Turchyn

20 Nov 2009

IPAM Presentation: November 2009

Last Wednesday, the other co-op student working with me and I gave a presentation to the Information Protection Association of Manitoba (IPAM) about attacks on web-based applications. It was certainly an interesting experience. Although it wasn't a stellar performance, I think we did okay considering our presentation skills. Unfortunately we were expecting a slightly larger proportion of technically minded people rather than business-minded people, and so I got the impression that some of the talk was a little over the heads of a few of those in attendance. Regardless, it was a learning experience, and I took a lot away from it.

I was approached twice after our presentation was over. The first gentleman, to paraphrase, suggested that the presentation would have been more useful had it included a mitigation strategy to prevent and (hopefully) eliminate the possibility of attack. I thought he might be on to something. After all, wouldn't it be great to have a checklist to go through, where checking off each item would result in a secure application? For the rest of the day, I went back and forth on this idea. On one hand, such a checklist would be nice, but I also firmly believe that much of the prevention relies on the skill level of the programmer, debugger, and penetration tester, and a checklist alone simply wouldn't be sufficient to protect yourself from attacks. Still, having the checklist would be a good start: an "if you've done these things, you've covered the basics" list. It would be a good reminder sheet for experienced programmers, and a good stepping stone for those who are just starting out. To that person: your suggestion has been heard, and the checklist has been added to my to-do list. I hope to have a first draft out within a month or so, so stay tuned for that.

The second gentleman asked if the slides for the presentation would be online for later viewing. By the end of the presentation, although we took almost an hour, I was well aware that we were rushing; we probably had too much content that we wanted to cover. Before the presentation I had already planned to put the slides online as a reference; although it's nice to see the slides during the talk, it's also nice to go back and view them at a later date. Thus, my slides will be online here for anybody to take a look at. I will also be posting my source code, but that will be a bit later (i.e. probably next week), since there are a few sections that are a little finicky right now.

13 Nov 2009

A Busy Past Two Weeks

So my twice-per-week updates seem to have fallen a bit behind as of late. To those one or two dedicated readers, my apologies for not giving you something to burn a couple of minutes of your day on.

I have three culprits to blame for this lack of updates. One of them has been a savage case of writer's block. Another has been a very busy schedule for me. Busier than normal, even. The third and final culprit goes by the name of "Sleep Deprivation", which always seems to tag along with culprit number two. In a possibly vain attempt to get myself back on my writing pedestal, I figured I'd fill you all in on the past two weeks.

As those of you who are involved in the Winnipeg swing scene may know, UMSwing had two events to demo at last weekend, the first being the Gilbert & Sullivan Gala Fund-raiser, and the second being the Winnipeg Jazz Orchestra's performance. The fund-raiser involved a couple of demonstration songs, and the WJO performance involved dancing for 20 minutes during their intermission, as well as the opportunity for one or two couples to dance on stage during one of their songs. Although they took place over the weekend, I've been in talks with organizers of both events for quite some time, and the last week became crunch time for me as I made sure everything went as expected. I'm really glad that we were invited to both events, and we'd certainly be interested in doing it again.

To swing (no pun intended) from one quirky interest to another, this Wednesday a couple of us took advantage of the day off and planned for a session of Dungeons & Dragons. I need to take a minute here to explain this:

  • No, it did NOT die out ten years ago
  • Yes, it IS fun
  • No, you do NOT need to be an über-nerd to play
  • Yes, girls DO play it.

Anyway, in this group (which has yet to receive a name), I am the DM; I'm the one who tells the story, plays the non-player characters (NPCs), and guides the other players through their adventures. Although DMing is a lot of fun, it also requires a lot of work to create your own adventures: dungeons, the global map, encounters, and NPCs all need to be planned. That chewed through a fair amount of the spare time I had. On the plus side, I over-prepared, so I have everything I need for the next time around.

This weekend, I have plans to go out to a friend's cottage for some much-needed rest. It'll be nice to get away from it all, and hopefully take some great photos, which I hope to put up for Monday's post. I also have some ideas for another Linux command line tip, so those of you reading my previous post regarding Byobu: stay tuned.

"I've never seen you here before. I like that in a woman."
-- Renaldo 'The Heel', Crimewave (1985)